April 2019 - tor-commits - lists.torproject.org

[tor/master] Make it clear to coverity we aren't leaking in protover_all_supported()
by asn＠torproject.org 30 Apr '19

30 Apr '19

commit 781d69f3a7e1c9d70120cda970b203dea4180b99 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Apr 11 17:51:11 2019 -0400 Make it clear to coverity we aren't leaking in protover_all_supported() The logic here should be "use versions or free it". The "free it" part was previously in a kind of obfuscated place, so coverity wasn't sure it was invoked as appropriate. CID 1437436. --- src/core/or/protover.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/or/protover.c b/src/core/or/protover.c index 53709ad00..1edf78ec8 100644 --- a/src/core/or/protover.c +++ b/src/core/or/protover.c @@ -820,6 +820,8 @@ protover_all_supported(const char *s, char **missing_out) * ones and, if so, add them to unsupported->ranges. */ if (versions->low != 0 && versions->high != 0) { smartlist_add(unsupported->ranges, versions); + } else { + tor_free(versions); } /* Finally, if we had something unsupported, add it to the list of * missing_some things and mark that there was something missing. */ @@ -828,7 +830,6 @@ protover_all_supported(const char *s, char **missing_out) all_supported = 0; } else { proto_entry_free(unsupported); - tor_free(versions); } } SMARTLIST_FOREACH_END(range);

1 0

[tor/master] Merge branch 'tor-github/pr/936'
by asn＠torproject.org 30 Apr '19

30 Apr '19

commit 9084a90b00e51c92595347f8ac796df93876dc1a Merge: a44aca545 e39b53ef7 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Apr 30 19:21:15 2019 +0300 Merge branch 'tor-github/pr/936' changes/coverity_falsepos | 4 ++++ scripts/maint/practracker/exceptions.txt | 6 +++--- src/core/or/protover.c | 3 ++- src/feature/rend/rendservice.c | 1 + src/lib/net/address.c | 8 ++++++-- 5 files changed, 16 insertions(+), 6 deletions(-) diff --cc scripts/maint/practracker/exceptions.txt index df19cc470,b84396272..d90ed1f4b --- a/scripts/maint/practracker/exceptions.txt +++ b/scripts/maint/practracker/exceptions.txt @@@ -117,9 -117,9 +117,9 @@@ problem include-count /src/core/or/conn problem function-size /src/core/or/connection_or.c:connection_or_group_set_badness_() 105 problem function-size /src/core/or/connection_or.c:connection_or_client_learned_peer_id() 144 problem function-size /src/core/or/connection_or.c:connection_or_compute_authenticate_cell_body() 235 -problem file-size /src/core/or/policies.c 3163 +problem file-size /src/core/or/policies.c 3171 problem function-size /src/core/or/policies.c:policy_summarize() 107 - problem function-size /src/core/or/protover.c:protover_all_supported() 116 + problem function-size /src/core/or/protover.c:protover_all_supported() 117 problem file-size /src/core/or/relay.c 3173 problem function-size /src/core/or/relay.c:circuit_receive_relay_cell() 123 problem function-size /src/core/or/relay.c:relay_send_command_from_edge_() 101

1 0

[tor/master] Merge branch 'tor-github/pr/937'
by asn＠torproject.org 30 Apr '19

30 Apr '19

commit d885ed867ffe3474f4b76f7249f0b6b335a8b9a3 Merge: 9084a90b0 85ff6f911 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Apr 30 19:21:46 2019 +0300 Merge branch 'tor-github/pr/937' changes/bug30148 | 4 ++++ src/feature/relay/routerkeys.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --cc src/feature/relay/routerkeys.c index d965777ad,000000000..5db7ed726 mode 100644,000000..100644 --- a/src/feature/relay/routerkeys.c +++ b/src/feature/relay/routerkeys.c @@@ -1,746 -1,0 +1,746 @@@ +/* Copyright (c) 2014-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file routerkeys.c + * + * \brief Functions and structures to handle generating and maintaining the + * set of keypairs necessary to be an OR. + * + * The keys handled here now are the Ed25519 keys that Tor relays use to sign + * descriptors, authenticate themselves on links, and identify one another + * uniquely. Other keys are maintained in router.c and rendservice.c. + * + * (TODO: The keys in router.c should go here too.) + */ + +#include "core/or/or.h" +#include "app/config/config.h" +#include "feature/relay/router.h" +#include "feature/relay/routerkeys.h" +#include "feature/relay/routermode.h" +#include "feature/keymgt/loadkey.h" +#include "feature/nodelist/torcert.h" + +#include "lib/crypt_ops/crypto_util.h" +#include "lib/tls/tortls.h" +#include "lib/tls/x509.h" + +#define ENC_KEY_HEADER "Boxed Ed25519 key" +#define ENC_KEY_TAG "master" + +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +static ed25519_keypair_t *master_identity_key = NULL; +static ed25519_keypair_t *master_signing_key = NULL; +static ed25519_keypair_t *current_auth_key = NULL; +static tor_cert_t *signing_key_cert = NULL; +static tor_cert_t *link_cert_cert = NULL; +static tor_cert_t *auth_key_cert = NULL; + +static uint8_t *rsa_ed_crosscert = NULL; +static size_t rsa_ed_crosscert_len = 0; +static time_t rsa_ed_crosscert_expiration = 0; + +/** + * Running as a server: load, reload, or refresh our ed25519 keys and + * certificates, creating and saving new ones as needed. + * + * Return -1 on failure; 0 on success if the signing key was not replaced; + * and 1 on success if the signing key was replaced. + */ +int +load_ed_keys(const or_options_t *options, time_t now) +{ + ed25519_keypair_t *id = NULL; + ed25519_keypair_t *sign = NULL; + ed25519_keypair_t *auth = NULL; + const ed25519_keypair_t *sign_signing_key_with_id = NULL; + const ed25519_keypair_t *use_signing = NULL; + const tor_cert_t *check_signing_cert = NULL; + tor_cert_t *sign_cert = NULL; + tor_cert_t *auth_cert = NULL; + int signing_key_changed = 0; + + // It is later than 1972, since otherwise there would be no C compilers. + // (Try to diagnose #22466.) + tor_assert_nonfatal(now >= 2 * 365 * 86400); + +#define FAIL(msg) do { \ + log_warn(LD_OR, (msg)); \ + goto err; \ + } while (0) +#define SET_KEY(key, newval) do { \ + if ((key) != (newval)) \ + ed25519_keypair_free(key); \ + key = (newval); \ + } while (0) +#define SET_CERT(cert, newval) do { \ + if ((cert) != (newval)) \ + tor_cert_free(cert); \ + cert = (newval); \ + } while (0) +#define HAPPENS_SOON(when, interval) \ + ((when) < now + (interval)) +#define EXPIRES_SOON(cert, interval) \ + (!(cert) || HAPPENS_SOON((cert)->valid_until, (interval))) + + /* XXXX support encrypted identity keys fully */ + + /* First try to get the signing key to see how it is. */ + { + char *fname = + options_get_keydir_fname(options, "ed25519_signing"); + sign = ed_key_init_from_file( + fname, + INIT_ED_KEY_NEEDCERT| + INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT, + LOG_INFO, + NULL, 0, 0, CERT_TYPE_ID_SIGNING, &sign_cert, options); + tor_free(fname); + check_signing_cert = sign_cert; + use_signing = sign; + } + + if (use_signing) { + /* We loaded a signing key with its certificate. */ + if (! master_signing_key) { + /* We didn't know one before! */ + signing_key_changed = 1; + } else if (! ed25519_pubkey_eq(&use_signing->pubkey, + &master_signing_key->pubkey) || + ! tor_memeq(use_signing->seckey.seckey, + master_signing_key->seckey.seckey, + ED25519_SECKEY_LEN)) { + /* We loaded a different signing key than the one we knew before. */ + signing_key_changed = 1; + } + } + + if (!use_signing && master_signing_key) { + /* We couldn't load a signing key, but we already had one loaded */ + check_signing_cert = signing_key_cert; + use_signing = master_signing_key; + } + + const int offline_master = + options->OfflineMasterKey && options->command != CMD_KEYGEN; + const int need_new_signing_key = + NULL == use_signing || + EXPIRES_SOON(check_signing_cert, 0) || + (options->command == CMD_KEYGEN && ! options->change_key_passphrase); + const int want_new_signing_key = + need_new_signing_key || + EXPIRES_SOON(check_signing_cert, options->TestingSigningKeySlop); + + /* We can only create a master key if we haven't been told that the + * master key will always be offline. Also, if we have a signing key, + * then we shouldn't make a new master ID key. */ + const int can_make_master_id_key = !offline_master && + NULL == use_signing; + + if (need_new_signing_key) { + log_notice(LD_OR, "It looks like I need to generate and sign a new " + "medium-term signing key, because %s. To do that, I " + "need to load%s the permanent master identity key. " + "If the master identity key was not moved or encrypted " + "with a passphrase, this will be done automatically and " + "no further action is required. Otherwise, provide the " + "necessary data using 'tor --keygen' to do it manually.", + (NULL == use_signing) ? "I don't have one" : + EXPIRES_SOON(check_signing_cert, 0) ? "the one I have is expired" : + "you asked me to make one with --keygen", + can_make_master_id_key ? " (or create)" : ""); + } else if (want_new_signing_key && !offline_master) { + log_notice(LD_OR, "It looks like I should try to generate and sign a " + "new medium-term signing key, because the one I have is " + "going to expire soon. To do that, I'm going to have to " + "try to load the permanent master identity key. " + "If the master identity key was not moved or encrypted " + "with a passphrase, this will be done automatically and " + "no further action is required. Otherwise, provide the " + "necessary data using 'tor --keygen' to do it manually."); + } else if (want_new_signing_key) { + log_notice(LD_OR, "It looks like I should try to generate and sign a " + "new medium-term signing key, because the one I have is " + "going to expire soon. But OfflineMasterKey is set, so I " + "won't try to load a permanent master identity key. You " + "will need to use 'tor --keygen' to make a new signing " + "key and certificate."); + } + + { + uint32_t flags = + (INIT_ED_KEY_SPLIT| + INIT_ED_KEY_EXTRA_STRONG|INIT_ED_KEY_NO_REPAIR); + if (can_make_master_id_key) + flags |= INIT_ED_KEY_CREATE; + if (! need_new_signing_key) + flags |= INIT_ED_KEY_MISSING_SECRET_OK; + if (! want_new_signing_key || offline_master) + flags |= INIT_ED_KEY_OMIT_SECRET; + if (offline_master) + flags |= INIT_ED_KEY_OFFLINE_SECRET; + if (options->command == CMD_KEYGEN) + flags |= INIT_ED_KEY_TRY_ENCRYPTED; + + /* Check/Create the key directory */ + if (create_keys_directory(options) < 0) - return -1; ++ goto err; + + char *fname; + if (options->master_key_fname) { + fname = tor_strdup(options->master_key_fname); + flags |= INIT_ED_KEY_EXPLICIT_FNAME; + } else { + fname = options_get_keydir_fname(options, "ed25519_master_id"); + } + id = ed_key_init_from_file( + fname, + flags, + LOG_WARN, NULL, 0, 0, 0, NULL, options); + tor_free(fname); + if (!id) { + if (need_new_signing_key) { + if (offline_master) + FAIL("Can't load master identity key; OfflineMasterKey is set."); + else + FAIL("Missing identity key"); + } else { + log_warn(LD_OR, "Master public key was absent; inferring from " + "public key in signing certificate and saving to disk."); + tor_assert(check_signing_cert); + id = tor_malloc_zero(sizeof(*id)); + memcpy(&id->pubkey, &check_signing_cert->signing_key, + sizeof(ed25519_public_key_t)); + fname = options_get_keydir_fname(options, + "ed25519_master_id_public_key"); + if (ed25519_pubkey_write_to_file(&id->pubkey, fname, "type0") < 0) { + log_warn(LD_OR, "Error while attempting to write master public key " + "to disk"); + tor_free(fname); + goto err; + } + tor_free(fname); + } + } + if (tor_mem_is_zero((char*)id->seckey.seckey, sizeof(id->seckey))) + sign_signing_key_with_id = NULL; + else + sign_signing_key_with_id = id; + } + + if (master_identity_key && + !ed25519_pubkey_eq(&id->pubkey, &master_identity_key->pubkey)) { + FAIL("Identity key on disk does not match key we loaded earlier!"); + } + + if (need_new_signing_key && NULL == sign_signing_key_with_id) + FAIL("Can't load master key make a new signing key."); + + if (sign_cert) { + if (! sign_cert->signing_key_included) + FAIL("Loaded a signing cert with no key included!"); + if (! ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey)) + FAIL("The signing cert we have was not signed with the master key " + "we loaded!"); + if (tor_cert_checksig(sign_cert, &id->pubkey, 0) < 0) { + log_warn(LD_OR, "The signing cert we loaded was not signed " + "correctly: %s!", + tor_cert_describe_signature_status(sign_cert)); + goto err; + } + } + + if (want_new_signing_key && sign_signing_key_with_id) { + uint32_t flags = (INIT_ED_KEY_CREATE| + INIT_ED_KEY_REPLACE| + INIT_ED_KEY_EXTRA_STRONG| + INIT_ED_KEY_NEEDCERT| + INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT); + char *fname = + options_get_keydir_fname(options, "ed25519_signing"); + ed25519_keypair_free(sign); + tor_cert_free(sign_cert); + sign = ed_key_init_from_file(fname, + flags, LOG_WARN, + sign_signing_key_with_id, now, + options->SigningKeyLifetime, + CERT_TYPE_ID_SIGNING, &sign_cert, options); + tor_free(fname); + if (!sign) + FAIL("Missing signing key"); + use_signing = sign; + signing_key_changed = 1; + + tor_assert(sign_cert->signing_key_included); + tor_assert(ed25519_pubkey_eq(&sign_cert->signing_key, &id->pubkey)); + tor_assert(ed25519_pubkey_eq(&sign_cert->signed_key, &sign->pubkey)); + } else if (want_new_signing_key) { + static ratelim_t missing_master = RATELIM_INIT(3600); + log_fn_ratelim(&missing_master, LOG_WARN, LD_OR, + "Signing key will expire soon, but I can't load the " + "master key to sign a new one!"); + } + + tor_assert(use_signing); + + /* At this point we no longer need our secret identity key. So wipe + * it, if we loaded it in the first place. */ + memwipe(id->seckey.seckey, 0, sizeof(id->seckey)); + + if (options->command == CMD_KEYGEN) + goto end; + + if (server_mode(options) && + (!rsa_ed_crosscert || + HAPPENS_SOON(rsa_ed_crosscert_expiration, 30*86400))) { + uint8_t *crosscert; + time_t expiration = now+6*30*86400; /* 6 months in the future. */ + ssize_t crosscert_len = tor_make_rsa_ed25519_crosscert(&id->pubkey, + get_server_identity_key(), + expiration, + &crosscert); + tor_free(rsa_ed_crosscert); + rsa_ed_crosscert_len = crosscert_len; + rsa_ed_crosscert = crosscert; + rsa_ed_crosscert_expiration = expiration; + } + + if (!current_auth_key || + signing_key_changed || + EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop)) { + auth = ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT, + now, + options->TestingAuthKeyLifetime, + CERT_TYPE_SIGNING_AUTH, &auth_cert); + + if (!auth) + FAIL("Can't create auth key"); + } + + /* We've generated or loaded everything. Put them in memory. */ + + end: + if (! master_identity_key) { + SET_KEY(master_identity_key, id); + } else { + tor_free(id); + } + if (sign) { + SET_KEY(master_signing_key, sign); + SET_CERT(signing_key_cert, sign_cert); + } + if (auth) { + SET_KEY(current_auth_key, auth); + SET_CERT(auth_key_cert, auth_cert); + } + + return signing_key_changed; + err: + ed25519_keypair_free(id); + ed25519_keypair_free(sign); + ed25519_keypair_free(auth); + tor_cert_free(sign_cert); + tor_cert_free(auth_cert); + return -1; +} + +/** + * Retrieve our currently-in-use Ed25519 link certificate and id certificate, + * and, if they would expire soon (based on the time now, generate new + * certificates (without embedding the public part of the signing key inside). + * If force is true, always generate a new certificate. + * + * The signed_key from the current id->signing certificate will be used to + * sign the new key within newly generated X509 certificate. + * + * Returns -1 upon error. Otherwise, returns 0 upon success (either when the + * current certificate is still valid, or when a new certificate was + * successfully generated, or no certificate was needed). + */ +int +generate_ed_link_cert(const or_options_t *options, time_t now, + int force) +{ + const tor_x509_cert_t *link_ = NULL, *id = NULL; + tor_cert_t *link_cert = NULL; + + if (tor_tls_get_my_certs(1, &link_, &id) < 0 || link_ == NULL) { + if (!server_mode(options)) { + /* No need to make an Ed25519->Link cert: we are a client */ + return 0; + } + log_warn(LD_OR, "Can't get my x509 link cert."); + return -1; + } + + const common_digests_t *digests = tor_x509_cert_get_cert_digests(link_); + + if (force == 0 && + link_cert_cert && + ! EXPIRES_SOON(link_cert_cert, options->TestingLinkKeySlop) && + fast_memeq(digests->d[DIGEST_SHA256], link_cert_cert->signed_key.pubkey, + DIGEST256_LEN)) { + return 0; + } + + ed25519_public_key_t dummy_key; + memcpy(dummy_key.pubkey, digests->d[DIGEST_SHA256], DIGEST256_LEN); + + link_cert = tor_cert_create(get_master_signing_keypair(), + CERT_TYPE_SIGNING_LINK, + &dummy_key, + now, + options->TestingLinkCertLifetime, 0); + + if (link_cert) { + SET_CERT(link_cert_cert, link_cert); + } + return 0; +} + +#undef FAIL +#undef SET_KEY +#undef SET_CERT + +/** + * Return 1 if any of the following are true: + * + * - if one of our Ed25519 signing, auth, or link certificates would expire + * soon w.r.t. the time now, + * - if we do not currently have a link certificate, or + * - if our cached Ed25519 link certificate is not same as the one we're + * currently using. + * + * Otherwise, returns 0. + */ +int +should_make_new_ed_keys(const or_options_t *options, const time_t now) +{ + if (!master_identity_key || + !master_signing_key || + !current_auth_key || + !link_cert_cert || + EXPIRES_SOON(signing_key_cert, options->TestingSigningKeySlop) || + EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop) || + EXPIRES_SOON(link_cert_cert, options->TestingLinkKeySlop)) + return 1; + + const tor_x509_cert_t *link_ = NULL, *id = NULL; + + if (tor_tls_get_my_certs(1, &link_, &id) < 0 || link_ == NULL) + return 1; + + const common_digests_t *digests = tor_x509_cert_get_cert_digests(link_); + + if (!fast_memeq(digests->d[DIGEST_SHA256], + link_cert_cert->signed_key.pubkey, + DIGEST256_LEN)) { + return 1; + } + + return 0; +} + +#undef EXPIRES_SOON +#undef HAPPENS_SOON + +#ifdef TOR_UNIT_TESTS +/* Helper for unit tests: populate the ed25519 keys without saving or + * loading */ +void +init_mock_ed_keys(const crypto_pk_t *rsa_identity_key) +{ + routerkeys_free_all(); + +#define MAKEKEY(k) \ + k = tor_malloc_zero(sizeof(*k)); \ + if (ed25519_keypair_generate(k, 0) < 0) { \ + log_warn(LD_BUG, "Couldn't make a keypair"); \ + goto err; \ + } + MAKEKEY(master_identity_key); + MAKEKEY(master_signing_key); + MAKEKEY(current_auth_key); +#define MAKECERT(cert, signing, signed_, type, flags) \ + cert = tor_cert_create(signing, \ + type, \ + &signed_->pubkey, \ + time(NULL), 86400, \ + flags); \ + if (!cert) { \ + log_warn(LD_BUG, "Couldn't make a %s certificate!", #cert); \ + goto err; \ + } + + MAKECERT(signing_key_cert, + master_identity_key, master_signing_key, CERT_TYPE_ID_SIGNING, + CERT_FLAG_INCLUDE_SIGNING_KEY); + MAKECERT(auth_key_cert, + master_signing_key, current_auth_key, CERT_TYPE_SIGNING_AUTH, 0); + + if (generate_ed_link_cert(get_options(), time(NULL), 0) < 0) { + log_warn(LD_BUG, "Couldn't make link certificate"); + goto err; + } + + rsa_ed_crosscert_len = tor_make_rsa_ed25519_crosscert( + &master_identity_key->pubkey, + rsa_identity_key, + time(NULL)+86400, + &rsa_ed_crosscert); + + return; + + err: + routerkeys_free_all(); + tor_assert_nonfatal_unreached(); +} +#undef MAKEKEY +#undef MAKECERT +#endif /* defined(TOR_UNIT_TESTS) */ + +/** + * Print the ISO8601-formated expiration for a certificate with + * some description to stdout. + * + * For example, for a signing certificate, this might print out: + * signing-cert-expiry: 2017-07-25 08:30:15 UTC + */ +static void +print_cert_expiration(const char *expiration, + const char *description) +{ + fprintf(stderr, "%s-cert-expiry: %s\n", description, expiration); +} + +/** + * Log when a certificate, cert, with some description and + * stored in a file named fname, is going to expire. + */ +static void +log_ed_cert_expiration(const tor_cert_t *cert, + const char *description, + const char *fname) { + char expiration[ISO_TIME_LEN+1]; + + if (BUG(!cert)) { /* If the specified key hasn't been loaded */ + log_warn(LD_OR, "No %s key loaded; can't get certificate expiration.", + description); + } else { + format_local_iso_time(expiration, cert->valid_until); + log_notice(LD_OR, "The %s certificate stored in %s is valid until %s.", + description, fname, expiration); + print_cert_expiration(expiration, description); + } +} + +/** + * Log when our master signing key certificate expires. Used when tor is given + * the --key-expiration command-line option. + * + * Returns 0 on success and 1 on failure. + */ +static int +log_master_signing_key_cert_expiration(const or_options_t *options) +{ + const tor_cert_t *signing_key; + char *fn = NULL; + int failed = 0; + time_t now = approx_time(); + + fn = options_get_keydir_fname(options, "ed25519_signing_cert"); + + /* Try to grab our cached copy of the key. */ + signing_key = get_master_signing_key_cert(); + + tor_assert(server_identity_key_is_set()); + + /* Load our keys from disk, if necessary. */ + if (!signing_key) { + failed = load_ed_keys(options, now) < 0; + signing_key = get_master_signing_key_cert(); + } + + /* If we do have a signing key, log the expiration time. */ + if (signing_key) { + log_ed_cert_expiration(signing_key, "signing", fn); + } else { + log_warn(LD_OR, "Could not load signing key certificate from %s, so " \ + "we couldn't learn anything about certificate expiration.", fn); + } + + tor_free(fn); + + return failed; +} + +/** + * Log when a key certificate expires. Used when tor is given the + * --key-expiration command-line option. + * + * If an command argument is given, which should specify the type of + * key to get expiry information about (currently supported arguments + * are "sign"), get info about that type of certificate. Otherwise, + * print info about the supported arguments. + * + * Returns 0 on success and -1 on failure. + */ +int +log_cert_expiration(void) +{ + const or_options_t *options = get_options(); + const char *arg = options->command_arg; + + if (!strcmp(arg, "sign")) { + return log_master_signing_key_cert_expiration(options); + } else { + fprintf(stderr, "No valid argument to --key-expiration found!\n"); + fprintf(stderr, "Currently recognised arguments are: 'sign'\n"); + + return -1; + } +} + +const ed25519_public_key_t * +get_master_identity_key(void) +{ + if (!master_identity_key) + return NULL; + return &master_identity_key->pubkey; +} + +/** Return true iff id is our Ed25519 master identity key. */ +int +router_ed25519_id_is_me(const ed25519_public_key_t *id) +{ + return id && master_identity_key && + ed25519_pubkey_eq(id, &master_identity_key->pubkey); +} + +#ifdef TOR_UNIT_TESTS +/* only exists for the unit tests, since otherwise the identity key + * should be used to sign nothing but the signing key. */ +const ed25519_keypair_t * +get_master_identity_keypair(void) +{ + return master_identity_key; +} +#endif /* defined(TOR_UNIT_TESTS) */ + +MOCK_IMPL(const ed25519_keypair_t *, +get_master_signing_keypair,(void)) +{ + return master_signing_key; +} + +MOCK_IMPL(const struct tor_cert_st *, +get_master_signing_key_cert,(void)) +{ + return signing_key_cert; +} + +const ed25519_keypair_t * +get_current_auth_keypair(void) +{ + return current_auth_key; +} + +const tor_cert_t * +get_current_link_cert_cert(void) +{ + return link_cert_cert; +} + +const tor_cert_t * +get_current_auth_key_cert(void) +{ + return auth_key_cert; +} + +void +get_master_rsa_crosscert(const uint8_t **cert_out, + size_t *size_out) +{ + *cert_out = rsa_ed_crosscert; + *size_out = rsa_ed_crosscert_len; +} + +/** Construct cross-certification for the master identity key with + * the ntor onion key. Store the sign of the corresponding ed25519 public key + * in *sign_out. */ +tor_cert_t * +make_ntor_onion_key_crosscert(const curve25519_keypair_t *onion_key, + const ed25519_public_key_t *master_id_key, time_t now, time_t lifetime, + int *sign_out) +{ + tor_cert_t *cert = NULL; + ed25519_keypair_t ed_onion_key; + + if (ed25519_keypair_from_curve25519_keypair(&ed_onion_key, sign_out, + onion_key) < 0) + goto end; + + cert = tor_cert_create(&ed_onion_key, CERT_TYPE_ONION_ID, master_id_key, + now, lifetime, 0); + + end: + memwipe(&ed_onion_key, 0, sizeof(ed_onion_key)); + return cert; +} + +/** Construct and return an RSA signature for the TAP onion key to + * cross-certify the RSA and Ed25519 identity keys. Set len_out to its + * length. */ +uint8_t * +make_tap_onion_key_crosscert(const crypto_pk_t *onion_key, + const ed25519_public_key_t *master_id_key, + const crypto_pk_t *rsa_id_key, + int *len_out) +{ + uint8_t signature[PK_BYTES]; + uint8_t signed_data[DIGEST_LEN + ED25519_PUBKEY_LEN]; + + *len_out = 0; + if (crypto_pk_get_digest(rsa_id_key, (char*)signed_data) < 0) { + log_info(LD_OR, "crypto_pk_get_digest failed in " + "make_tap_onion_key_crosscert!"); + return NULL; + } + memcpy(signed_data + DIGEST_LEN, master_id_key->pubkey, ED25519_PUBKEY_LEN); + + int r = crypto_pk_private_sign(onion_key, + (char*)signature, sizeof(signature), + (const char*)signed_data, sizeof(signed_data)); + if (r < 0) { + /* It's probably missing the private key */ + log_info(LD_OR, "crypto_pk_private_sign failed in " + "make_tap_onion_key_crosscert!"); + return NULL; + } + + *len_out = r; + + return tor_memdup(signature, r); +} + +void +routerkeys_free_all(void) +{ + ed25519_keypair_free(master_identity_key); + ed25519_keypair_free(master_signing_key); + ed25519_keypair_free(current_auth_key); + tor_cert_free(signing_key_cert); + tor_cert_free(link_cert_cert); + tor_cert_free(auth_key_cert); + tor_free(rsa_ed_crosscert); + + master_identity_key = master_signing_key = NULL; + current_auth_key = NULL; + signing_key_cert = link_cert_cert = auth_key_cert = NULL; + rsa_ed_crosscert = NULL; // redundant + rsa_ed_crosscert_len = 0; +}

1 0

[translation/support-portal] Update translations for support-portal
by translation＠torproject.org 30 Apr '19

30 Apr '19

commit ec7d2431318b8657ee84a1a03bef8db71ffa2a07 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Apr 30 16:23:10 2019 +0000 Update translations for support-portal --- contents+fr.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contents+fr.po b/contents+fr.po index eec3c8fca..35b31a59c 100644 --- a/contents+fr.po +++ b/contents+fr.po @@ -4063,7 +4063,7 @@ msgstr "Un relais spécial qui maintient la liste des [ponts](#bridge)." #: https//support.torproject.org/misc/glossary/ #: (content/misc/glossary/contents+en.lrquestion.description) msgid "### browser fingerprinting" -msgstr "### pistage par empreinte numérique du navigateur" +msgstr "### pistage par empreinte numérique unique du navigateur" #: https//support.torproject.org/misc/glossary/ #: (content/misc/glossary/contents+en.lrquestion.description)

1 0

[translation/tpo-web] Update translations for tpo-web
by translation＠torproject.org 30 Apr '19

30 Apr '19

commit a9ba3ba928e723f8282e5669500ddd6f1a545852 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Apr 30 16:22:44 2019 +0000 Update translations for tpo-web --- contents+fr.po | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/contents+fr.po b/contents+fr.po index 97f0d3616..8aa9a10bb 100644 --- a/contents+fr.po +++ b/contents+fr.po @@ -591,7 +591,7 @@ msgstr "Consultez ou joignez-vous aux rencontres d’équipe publiques." #: templates/contact.html:13 msgid "Discuss running a Tor relay." -msgstr "Discutez de l’exploitation d’un relais Tor." +msgstr "Discutez de l’exploitation d’un relais Tor." #: templates/contact.html:14 msgid "Talk with Tor's global south community." @@ -939,6 +939,10 @@ msgid "" "Tor Browser aims to make all users look the same making it difficult for you" " to be fingerprinted based on your browser and device information." msgstr "" +"Le Navigateur Tor vise à rendre tous les utilisateurs semblables en " +"apparence, afin qu’il soit plus difficile de vous suivre d’après l’empreinte" +" numérique unique de votre navigateur et les renseignements de votre " +"appareil." #: templates/home.html:58 msgid "Multi-layered Encryption" @@ -954,6 +958,9 @@ msgid "" "network. The network is comprised of thousands of volunteer-run servers " "known as Tor relays." msgstr "" +"Votre trafic est relayé et chiffré trois fois alors qu’il traverse le réseau" +" Tor. Le réseau comprend des milliers de serveurs exploités par des " +"bénévoles, appelés relais Tor." #: templates/home.html:75 msgid "Browse Freely" @@ -968,26 +975,33 @@ msgid "" "With Tor Browser, you are free to access sites your home network may have " "blocked." msgstr "" +"Avec le Navigateur Tor, vous pouvez accéder librement à des sites que votre " +"réseau domestique pourrait avoir bloqués." #: templates/jobs.html:2 msgid "Current Openings" -msgstr "" +msgstr "Postes vacants" #: templates/jobs.html:13 msgid "" "At the moment, we don't have any official open positions. Please check back " "soon, though!" msgstr "" +"Pour le moment, nous n’avons aucun poste officiel vacant. Revérifiez bientôt" +" !" #: templates/jobs.html:18 templates/projects.html:5 msgid "Previous Openings" -msgstr "" +msgstr "Postes précédents" #: templates/jobs.html:32 templates/projects.html:33 msgid "" "Think you could help us in a position that's not listed? We also rely on a " "vast community of volunteer contributors and many have become paid staff." msgstr "" +"Pensez-vous que vous pourriez nous aider dans un rôle qui n’est pas indiqué " +"? Nous dépendons aussi d’une vaste communauté de contributeurs bénévoles, " +"dont bon nombre sont maintenant rémunérés." #: templates/jobs.html:32 templates/projects.html:33 msgid "We invite you to join us on IRC to find how you can get involved."

1 0

[translation/tbmanual-contentspot_completed] Update translations for tbmanual-contentspot_completed
by translation＠torproject.org 30 Apr '19

30 Apr '19

commit 722ecc57c5667312373f35be6fd98522ef946ed8 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Apr 30 16:20:10 2019 +0000 Update translations for tbmanual-contentspot_completed --- contents+fr.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contents+fr.po b/contents+fr.po index 99bd7c468..dad4d3cc2 100644 --- a/contents+fr.po +++ b/contents+fr.po @@ -122,7 +122,7 @@ msgid "" "“fingerprinting” or identifying you based on your browser configuration." msgstr "" "De plus, le Navigateur Tor est conçu pour empêcher le pistage par empreinte " -"numérique unique ou votre identification par les sites Web d’après la " +"numérique unique ou votre identification, par les sites Web, d’après la " "configuration de votre navigateur." #: https//tb-manual.torproject.org/en-US/about/

1 0

[tor/master] Move dirauth periodic events into dirauth module.
by asn＠torproject.org 30 Apr '19

30 Apr '19

commit b5a62b1ef5cfbe3e56caa110d9024f7fa0ac6ae6 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Apr 25 15:09:24 2019 -0400 Move dirauth periodic events into dirauth module. Closes ticket 30294. --- scripts/maint/practracker/exceptions.txt | 6 +- src/app/config/config.c | 1 + src/app/main/shutdown.c | 1 - src/app/main/subsystem_list.c | 6 ++ src/core/include.am | 4 + src/core/mainloop/mainloop.c | 140 ------------------------------ src/core/mainloop/mainloop.h | 1 - src/core/mainloop/periodic.c | 27 ++++++ src/core/mainloop/periodic.h | 2 + src/feature/dirauth/dirauth_periodic.c | 142 +++++++++++++++++++++++++++++++ src/feature/dirauth/dirauth_periodic.h | 25 ++++++ src/feature/dirauth/dirauth_sys.c | 33 +++++++ src/feature/dirauth/dirauth_sys.h | 12 +++ src/feature/nodelist/networkstatus.c | 1 + 14 files changed, 256 insertions(+), 145 deletions(-) diff --git a/scripts/maint/practracker/exceptions.txt b/scripts/maint/practracker/exceptions.txt index 37f11bb44..a0358ae83 100644 --- a/scripts/maint/practracker/exceptions.txt +++ b/scripts/maint/practracker/exceptions.txt @@ -29,8 +29,8 @@ # # Remember: It is better to fix the problem than to add a new exception! -problem file-size /src/app/config/config.c 8491 -problem include-count /src/app/config/config.c 86 +problem file-size /src/app/config/config.c 8492 +problem include-count /src/app/config/config.c 87 problem function-size /src/app/config/config.c:options_act_reversible() 296 problem function-size /src/app/config/config.c:options_act() 588 problem function-size /src/app/config/config.c:resolve_my_address() 192 @@ -214,7 +214,7 @@ problem function-size /src/feature/nodelist/authcert.c:trusted_dirs_load_certs_f problem function-size /src/feature/nodelist/authcert.c:authority_certs_fetch_missing() 296 problem function-size /src/feature/nodelist/fmt_routerstatus.c:routerstatus_format_entry() 166 problem function-size /src/feature/nodelist/microdesc.c:microdesc_cache_rebuild() 134 -problem include-count /src/feature/nodelist/networkstatus.c 61 +problem include-count /src/feature/nodelist/networkstatus.c 62 problem function-size /src/feature/nodelist/networkstatus.c:networkstatus_check_consensus_signature() 176 problem function-size /src/feature/nodelist/networkstatus.c:networkstatus_set_current_consensus() 293 problem function-size /src/feature/nodelist/node_select.c:router_pick_directory_server_impl() 123 diff --git a/src/app/config/config.c b/src/app/config/config.c index 46dc15b06..81a83e2c5 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -156,6 +156,7 @@ #include "lib/evloop/procmon.h" #include "feature/dirauth/dirvote.h" +#include "feature/dirauth/dirauth_periodic.h" #include "feature/dirauth/recommend_pkg.h" #include "feature/dirauth/authmode.h" diff --git a/src/app/main/shutdown.c b/src/app/main/shutdown.c index 2dc18e19a..9239a0cf0 100644 --- a/src/app/main/shutdown.c +++ b/src/app/main/shutdown.c @@ -125,7 +125,6 @@ tor_free_all(int postfork) } geoip_free_all(); geoip_stats_free_all(); - dirvote_free_all(); routerlist_free_all(); networkstatus_free_all(); addressmap_free_all(); diff --git a/src/app/main/subsystem_list.c b/src/app/main/subsystem_list.c index 7ffdcc805..00effe01a 100644 --- a/src/app/main/subsystem_list.c +++ b/src/app/main/subsystem_list.c @@ -24,6 +24,8 @@ #include "lib/wallclock/wallclock_sys.h" #include "lib/process/process_sys.h" +#include "feature/dirauth/dirauth_sys.h" + #include <stddef.h> /** @@ -47,6 +49,10 @@ const subsys_fns_t *tor_subsystems[] = { &sys_btrack, /* -30 */ &sys_mainloop, /* 5 */ + +#ifdef HAVE_MODULE_DIRAUTH + &sys_dirauth, /* 70 */ +#endif }; const unsigned n_tor_subsystems = ARRAY_LENGTH(tor_subsystems); diff --git a/src/core/include.am b/src/core/include.am index 4645bca76..dc1ff2407 100644 --- a/src/core/include.am +++ b/src/core/include.am @@ -176,6 +176,8 @@ LIBTOR_APP_TESTING_A_SOURCES = $(LIBTOR_APP_A_SOURCES) # The Directory Authority module. MODULE_DIRAUTH_SOURCES = \ src/feature/dirauth/authmode.c \ + src/feature/dirauth/dirauth_periodic.c \ + src/feature/dirauth/dirauth_sys.c \ src/feature/dirauth/dircollate.c \ src/feature/dirauth/dirvote.c \ src/feature/dirauth/shared_random.c \ @@ -308,6 +310,8 @@ noinst_HEADERS += \ src/feature/control/getinfo_geoip.h \ src/feature/dirauth/authmode.h \ src/feature/dirauth/bwauth.h \ + src/feature/dirauth/dirauth_periodic.h \ + src/feature/dirauth/dirauth_sys.h \ src/feature/dirauth/dircollate.h \ src/feature/dirauth/dirvote.h \ src/feature/dirauth/dsigs_parse.h \ diff --git a/src/core/mainloop/mainloop.c b/src/core/mainloop/mainloop.c index 8c90103a7..8e61bd7e6 100644 --- a/src/core/mainloop/mainloop.c +++ b/src/core/mainloop/mainloop.c @@ -75,7 +75,6 @@ #include "feature/control/control.h" #include "feature/control/control_events.h" #include "feature/dirauth/authmode.h" -#include "feature/dirauth/reachability.h" #include "feature/dircache/consdiffmgr.h" #include "feature/dircache/dirserv.h" #include "feature/dircommon/directory.h" @@ -106,9 +105,6 @@ #include <event2/event.h> -#include "feature/dirauth/dirvote.h" -#include "feature/dirauth/authmode.h" - #include "core/or/cell_st.h" #include "core/or/entry_connection_st.h" #include "feature/nodelist/networkstatus_st.h" @@ -1346,7 +1342,6 @@ static int periodic_events_initialized = 0; #define CALLBACK(name) \ static int name ## _callback(time_t, const or_options_t *) CALLBACK(add_entropy); -CALLBACK(check_authority_cert); CALLBACK(check_canonical_channels); CALLBACK(check_descriptor); CALLBACK(check_dns_honesty); @@ -1356,14 +1351,11 @@ CALLBACK(check_for_reachability_bw); CALLBACK(check_onion_keys_expiry_time); CALLBACK(clean_caches); CALLBACK(clean_consdiffmgr); -CALLBACK(dirvote); -CALLBACK(downrate_stability); CALLBACK(expire_old_ciruits_serverside); CALLBACK(fetch_networkstatus); CALLBACK(heartbeat); CALLBACK(hs_service); CALLBACK(launch_descriptor_fetches); -CALLBACK(launch_reachability_tests); CALLBACK(prune_old_routers); CALLBACK(reachability_warnings); CALLBACK(record_bridge_stats); @@ -1373,7 +1365,6 @@ CALLBACK(retry_dns); CALLBACK(retry_listeners); CALLBACK(rotate_onion_key); CALLBACK(rotate_x509_certificate); -CALLBACK(save_stability); CALLBACK(save_state); CALLBACK(write_bridge_ns); CALLBACK(write_stats_file); @@ -1428,15 +1419,6 @@ STATIC periodic_event_item_t mainloop_periodic_events[] = { CALLBACK(retry_dns, ROUTER, 0), CALLBACK(rotate_onion_key, ROUTER, 0), - /* Authorities (bridge and directory) only. */ - CALLBACK(downrate_stability, AUTHORITIES, 0), - CALLBACK(launch_reachability_tests, AUTHORITIES, FL(NEED_NET)), - CALLBACK(save_stability, AUTHORITIES, 0), - - /* Directory authority only. */ - CALLBACK(check_authority_cert, DIRAUTH, 0), - CALLBACK(dirvote, DIRAUTH, FL(NEED_NET)), - /* Relay only. */ CALLBACK(check_canonical_channels, RELAY, FL(NEED_NET)), CALLBACK(check_dns_honesty, RELAY, FL(NEED_NET)), @@ -1470,7 +1452,6 @@ STATIC periodic_event_item_t mainloop_periodic_events[] = { * can access them by name. We also keep them inside periodic_events[] * so that we can implement "reset all timers" in a reasonable way. */ static periodic_event_item_t *check_descriptor_event=NULL; -static periodic_event_item_t *dirvote_event=NULL; static periodic_event_item_t *fetch_networkstatus_event=NULL; static periodic_event_item_t *launch_descriptor_fetches_event=NULL; static periodic_event_item_t *check_dns_honesty_event=NULL; @@ -1569,7 +1550,6 @@ initialize_periodic_events(void) NAMED_CALLBACK(check_descriptor); NAMED_CALLBACK(prune_old_routers); - NAMED_CALLBACK(dirvote); NAMED_CALLBACK(fetch_networkstatus); NAMED_CALLBACK(launch_descriptor_fetches); NAMED_CALLBACK(check_dns_honesty); @@ -1581,7 +1561,6 @@ teardown_periodic_events(void) { periodic_events_destroy_all(); check_descriptor_event = NULL; - dirvote_event = NULL; fetch_networkstatus_event = NULL; launch_descriptor_fetches_event = NULL; check_dns_honesty_event = NULL; @@ -1712,29 +1691,6 @@ mainloop_schedule_shutdown(int delay_sec) mainloop_event_schedule(scheduled_shutdown_ev, &delay_tv); } -#define LONGEST_TIMER_PERIOD (30 * 86400) -/** Helper: Return the number of seconds between now and next, - * clipped to the range [1 second, LONGEST_TIMER_PERIOD]. */ -static inline int -safe_timer_diff(time_t now, time_t next) -{ - if (next > now) { - /* There were no computers at signed TIME_MIN (1902 on 32-bit systems), - * and nothing that could run Tor. It's a bug if 'next' is around then. - * On 64-bit systems with signed TIME_MIN, TIME_MIN is before the Big - * Bang. We cannot extrapolate past a singularity, but there was probably - * nothing that could run Tor then, either. - **/ - tor_assert(next > TIME_MIN + LONGEST_TIMER_PERIOD); - - if (next - LONGEST_TIMER_PERIOD > now) - return LONGEST_TIMER_PERIOD; - return (int)(next - now); - } else { - return 1; - } -} - /** Perform regular maintenance tasks. This function gets run once per * second. */ @@ -2004,102 +1960,6 @@ check_network_participation_callback(time_t now, const or_options_t *options) } /** - * Periodic callback: if we're an authority, make sure we test - * the routers on the network for reachability. - */ -static int -launch_reachability_tests_callback(time_t now, const or_options_t *options) -{ - if (authdir_mode_tests_reachability(options) && - !net_is_disabled()) { - /* try to determine reachability of the other Tor relays */ - dirserv_test_reachability(now); - } - return REACHABILITY_TEST_INTERVAL; -} - -/** - * Periodic callback: if we're an authority, discount the stability - * information (and other rephist information) that's older. - */ -static int -downrate_stability_callback(time_t now, const or_options_t *options) -{ - (void)options; - /* 1d. Periodically, we discount older stability information so that new - * stability info counts more, and save the stability information to disk as - * appropriate. */ - time_t next = rep_hist_downrate_old_runs(now); - return safe_timer_diff(now, next); -} - -/** - * Periodic callback: if we're an authority, record our measured stability - * information from rephist in an mtbf file. - */ -static int -save_stability_callback(time_t now, const or_options_t *options) -{ - if (authdir_mode_tests_reachability(options)) { - if (rep_hist_record_mtbf_data(now, 1)<0) { - log_warn(LD_GENERAL, "Couldn't store mtbf data."); - } - } -#define SAVE_STABILITY_INTERVAL (30*60) - return SAVE_STABILITY_INTERVAL; -} - -/** - * Periodic callback: if we're an authority, check on our authority - * certificate (the one that authenticates our authority signing key). - */ -static int -check_authority_cert_callback(time_t now, const or_options_t *options) -{ - (void)now; - (void)options; - /* 1e. Periodically, if we're a v3 authority, we check whether our cert is - * close to expiring and warn the admin if it is. */ - v3_authority_check_key_expiry(); -#define CHECK_V3_CERTIFICATE_INTERVAL (5*60) - return CHECK_V3_CERTIFICATE_INTERVAL; -} - -/** - * Scheduled callback: Run directory-authority voting functionality. - * - * The schedule is a bit complicated here, so dirvote_act() manages the - * schedule itself. - **/ -static int -dirvote_callback(time_t now, const or_options_t *options) -{ - if (!authdir_mode_v3(options)) { - tor_assert_nonfatal_unreached(); - return 3600; - } - - time_t next = dirvote_act(options, now); - if (BUG(next == TIME_MAX)) { - /* This shouldn't be returned unless we called dirvote_act() without - * being an authority. If it happens, maybe our configuration will - * fix itself in an hour or so? */ - return 3600; - } - return safe_timer_diff(now, next); -} - -/** Reschedule the directory-authority voting event. Run this whenever the - * schedule has changed. */ -void -reschedule_dirvote(const or_options_t *options) -{ - if (authdir_mode_v3(options) && dirvote_event) { - periodic_event_reschedule(dirvote_event); - } -} - -/** * Periodic callback: If our consensus is too old, recalculate whether * we can actually use it. */ diff --git a/src/core/mainloop/mainloop.h b/src/core/mainloop/mainloop.h index 2dccdf0e1..3a611f81a 100644 --- a/src/core/mainloop/mainloop.h +++ b/src/core/mainloop/mainloop.h @@ -62,7 +62,6 @@ void reset_all_main_loop_timers(void); void reschedule_descriptor_update_check(void); void reschedule_directory_downloads(void); void reschedule_or_state_save(void); -void reschedule_dirvote(const or_options_t *options); void mainloop_schedule_postloop_cleanup(void); void rescan_periodic_events(const or_options_t *options); MOCK_DECL(void, schedule_rescan_periodic_events,(void)); diff --git a/src/core/mainloop/periodic.c b/src/core/mainloop/periodic.c index a4a03ed29..ceef74099 100644 --- a/src/core/mainloop/periodic.c +++ b/src/core/mainloop/periodic.c @@ -323,3 +323,30 @@ periodic_events_destroy_all(void) smartlist_free(the_periodic_events); } + +#define LONGEST_TIMER_PERIOD (30 * 86400) +/** Helper: Return the number of seconds between now and next, + * clipped to the range [1 second, LONGEST_TIMER_PERIOD]. + * + * We use this to answer the question, "how many seconds is it from now until + * next" in periodic timer callbacks. Don't use it for other purposes + **/ +int +safe_timer_diff(time_t now, time_t next) +{ + if (next > now) { + /* There were no computers at signed TIME_MIN (1902 on 32-bit systems), + * and nothing that could run Tor. It's a bug if 'next' is around then. + * On 64-bit systems with signed TIME_MIN, TIME_MIN is before the Big + * Bang. We cannot extrapolate past a singularity, but there was probably + * nothing that could run Tor then, either. + **/ + tor_assert(next > TIME_MIN + LONGEST_TIMER_PERIOD); + + if (next - LONGEST_TIMER_PERIOD > now) + return LONGEST_TIMER_PERIOD; + return (int)(next - now); + } else { + return 1; + } +} diff --git a/src/core/mainloop/periodic.h b/src/core/mainloop/periodic.h index a021a141d..4e4e8b2c9 100644 --- a/src/core/mainloop/periodic.h +++ b/src/core/mainloop/periodic.h @@ -97,4 +97,6 @@ periodic_event_item_t *periodic_events_find(const char *name); void periodic_events_rescan_by_roles(int roles, bool net_disabled); void periodic_events_destroy_all(void); +int safe_timer_diff(time_t now, time_t next); + #endif /* !defined(TOR_PERIODIC_H) */ diff --git a/src/feature/dirauth/dirauth_periodic.c b/src/feature/dirauth/dirauth_periodic.c new file mode 100644 index 000000000..1fa0ca9cf --- /dev/null +++ b/src/feature/dirauth/dirauth_periodic.c @@ -0,0 +1,142 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include "core/or/or.h" + +#include "app/config/or_options_st.h" +#include "core/mainloop/netstatus.h" +#include "feature/dirauth/reachability.h" +#include "feature/stats/rephist.h" + +#include "feature/dirauth/dirvote.h" +#include "feature/dirauth/dirauth_periodic.h" +#include "feature/dirauth/authmode.h" + +#include "core/mainloop/periodic.h" + +#define DECLARE_EVENT(name, roles, flags) \ + static periodic_event_item_t name ## _event = \ + PERIODIC_EVENT(name, \ + PERIODIC_EVENT_ROLE_##roles, \ + flags) + +#define FL(name) (PERIODIC_EVENT_FLAG_##name) + +/** + * Periodic callback: if we're an authority, check on our authority + * certificate (the one that authenticates our authority signing key). + */ +static int +check_authority_cert_callback(time_t now, const or_options_t *options) +{ + (void)now; + (void)options; + /* 1e. Periodically, if we're a v3 authority, we check whether our cert is + * close to expiring and warn the admin if it is. */ + v3_authority_check_key_expiry(); +#define CHECK_V3_CERTIFICATE_INTERVAL (5*60) + return CHECK_V3_CERTIFICATE_INTERVAL; +} + +DECLARE_EVENT(check_authority_cert, DIRAUTH, 0); + +/** + * Scheduled callback: Run directory-authority voting functionality. + * + * The schedule is a bit complicated here, so dirvote_act() manages the + * schedule itself. + **/ +static int +dirvote_callback(time_t now, const or_options_t *options) +{ + if (!authdir_mode_v3(options)) { + tor_assert_nonfatal_unreached(); + return 3600; + } + + time_t next = dirvote_act(options, now); + if (BUG(next == TIME_MAX)) { + /* This shouldn't be returned unless we called dirvote_act() without + * being an authority. If it happens, maybe our configuration will + * fix itself in an hour or so? */ + return 3600; + } + return safe_timer_diff(now, next); +} + +DECLARE_EVENT(dirvote, DIRAUTH, FL(NEED_NET)); + +/** Reschedule the directory-authority voting event. Run this whenever the + * schedule has changed. */ +void +reschedule_dirvote(const or_options_t *options) +{ + if (authdir_mode_v3(options)) { + periodic_event_reschedule(&dirvote_event); + } +} + +/** + * Periodic callback: if we're an authority, record our measured stability + * information from rephist in an mtbf file. + */ +static int +save_stability_callback(time_t now, const or_options_t *options) +{ + if (authdir_mode_tests_reachability(options)) { + if (rep_hist_record_mtbf_data(now, 1)<0) { + log_warn(LD_GENERAL, "Couldn't store mtbf data."); + } + } +#define SAVE_STABILITY_INTERVAL (30*60) + return SAVE_STABILITY_INTERVAL; +} + +DECLARE_EVENT(save_stability, AUTHORITIES, 0); + +/** + * Periodic callback: if we're an authority, make sure we test + * the routers on the network for reachability. + */ +static int +launch_reachability_tests_callback(time_t now, const or_options_t *options) +{ + if (authdir_mode_tests_reachability(options) && + !net_is_disabled()) { + /* try to determine reachability of the other Tor relays */ + dirserv_test_reachability(now); + } + return REACHABILITY_TEST_INTERVAL; +} + +DECLARE_EVENT(launch_reachability_tests, AUTHORITIES, FL(NEED_NET)); + +/** + * Periodic callback: if we're an authority, discount the stability + * information (and other rephist information) that's older. + */ +static int +downrate_stability_callback(time_t now, const or_options_t *options) +{ + (void)options; + /* 1d. Periodically, we discount older stability information so that new + * stability info counts more, and save the stability information to disk as + * appropriate. */ + time_t next = rep_hist_downrate_old_runs(now); + return safe_timer_diff(now, next); +} + +DECLARE_EVENT(downrate_stability, AUTHORITIES, 0); + +void +dirauth_add_periodic_events(void) +{ + periodic_events_add(&downrate_stability_event); + periodic_events_add(&launch_reachability_tests_event); + periodic_events_add(&save_stability_event); + periodic_events_add(&check_authority_cert_event); + periodic_events_add(&dirvote_event); +} diff --git a/src/feature/dirauth/dirauth_periodic.h b/src/feature/dirauth/dirauth_periodic.h new file mode 100644 index 000000000..680c0c4be --- /dev/null +++ b/src/feature/dirauth/dirauth_periodic.h @@ -0,0 +1,25 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef DIRVOTE_PERIODIC_H +#define DIRVOTE_PERIODIC_H + +#ifdef HAVE_MODULE_DIRAUTH + +void dirauth_add_periodic_events(void); +void reschedule_dirvote(const or_options_t *options); + +#else + +static inline void +reschedule_dirvote(const or_options_t *options) +{ + (void)options; +} + +#endif + +#endif diff --git a/src/feature/dirauth/dirauth_sys.c b/src/feature/dirauth/dirauth_sys.c new file mode 100644 index 000000000..6845e62c2 --- /dev/null +++ b/src/feature/dirauth/dirauth_sys.c @@ -0,0 +1,33 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include "core/or/or.h" + +#include "feature/dirauth/dirauth_sys.h" +#include "feature/dirauth/dirvote.h" +#include "feature/dirauth/dirauth_periodic.h" +#include "lib/subsys/subsys.h" + +static int +subsys_dirauth_initialize(void) +{ + dirauth_add_periodic_events(); + return 0; +} + +static void +subsys_dirauth_shutdown(void) +{ + dirvote_free_all(); +} + +const struct subsys_fns_t sys_dirauth = { + .name = "dirauth", + .supported = true, + .level = 70, + .initialize = subsys_dirauth_initialize, + .shutdown = subsys_dirauth_shutdown, +}; diff --git a/src/feature/dirauth/dirauth_sys.h b/src/feature/dirauth/dirauth_sys.h new file mode 100644 index 000000000..e10f4c958 --- /dev/null +++ b/src/feature/dirauth/dirauth_sys.h @@ -0,0 +1,12 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef DIRAUTH_SYS_H +#define DIRAUTH_SYS_H + +extern const struct subsys_fns_t sys_dirauth; + +#endif diff --git a/src/feature/nodelist/networkstatus.c b/src/feature/nodelist/networkstatus.c index ee22e1632..8b0fc102c 100644 --- a/src/feature/nodelist/networkstatus.c +++ b/src/feature/nodelist/networkstatus.c @@ -82,6 +82,7 @@ #include "lib/crypt_ops/crypto_rand.h" #include "lib/crypt_ops/crypto_util.h" +#include "feature/dirauth/dirauth_periodic.h" #include "feature/dirauth/dirvote.h" #include "feature/dirauth/authmode.h" #include "feature/dirauth/shared_random.h"

1 0

[tor/master] Merge branch 'tor-github/pr/993'
by asn＠torproject.org 30 Apr '19

30 Apr '19

commit a44aca5453ca944369a9ab9b589499bed56c3599 Merge: 86f8dfe41 b7cc631d2 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Apr 30 19:13:57 2019 +0300 Merge branch 'tor-github/pr/993' changes/ticket30293 | 5 + scripts/maint/practracker/exceptions.txt | 6 +- src/app/config/config.c | 1 + src/app/main/shutdown.c | 3 - src/app/main/subsystem_list.c | 9 ++ src/core/include.am | 6 + src/core/mainloop/mainloop.c | 251 ++++--------------------------- src/core/mainloop/mainloop.h | 5 +- src/core/mainloop/mainloop_sys.c | 32 ++++ src/core/mainloop/mainloop_sys.h | 12 ++ src/core/mainloop/periodic.c | 198 ++++++++++++++++++++++-- src/core/mainloop/periodic.h | 13 +- src/feature/dirauth/dirauth_periodic.c | 142 +++++++++++++++++ src/feature/dirauth/dirauth_periodic.h | 25 +++ src/feature/dirauth/dirauth_sys.c | 33 ++++ src/feature/dirauth/dirauth_sys.h | 12 ++ src/feature/nodelist/networkstatus.c | 1 + src/test/test_periodic_event.c | 39 ++--- 18 files changed, 532 insertions(+), 261 deletions(-)

1 0

[tor/master] Turn 'mainloop' into a subsystem.
by asn＠torproject.org 30 Apr '19

30 Apr '19

commit 6eb1b8da0ab2a58157c4eb7db0a8471cb9dfefda Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Apr 25 14:20:41 2019 -0400 Turn 'mainloop' into a subsystem. We need a little refactoring for this to work, since the initialization code for the periodic events assumes that libevent is already initialized, which it can't be until it's configured. This change, combined with the previous ones, lets other subsystems declare their own periodic events, without mainloop.c having to know about them. Implements ticket 30293. --- src/app/main/shutdown.c | 2 -- src/app/main/subsystem_list.c | 3 +++ src/core/include.am | 2 ++ src/core/mainloop/mainloop.c | 16 ++++++++-------- src/core/mainloop/mainloop.h | 2 +- src/core/mainloop/mainloop_sys.c | 32 ++++++++++++++++++++++++++++++++ src/core/mainloop/mainloop_sys.h | 12 ++++++++++++ src/test/test_periodic_event.c | 3 +++ 8 files changed, 61 insertions(+), 11 deletions(-) diff --git a/src/app/main/shutdown.c b/src/app/main/shutdown.c index 314e33f22..2dc18e19a 100644 --- a/src/app/main/shutdown.c +++ b/src/app/main/shutdown.c @@ -18,7 +18,6 @@ #include "app/main/shutdown.h" #include "app/main/subsysmgr.h" #include "core/mainloop/connection.h" -#include "core/mainloop/mainloop.h" #include "core/mainloop/mainloop_pubsub.h" #include "core/or/channeltls.h" #include "core/or/circuitlist.h" @@ -176,7 +175,6 @@ tor_free_all(int postfork) /* stuff in main.c */ tor_mainloop_disconnect_pubsub(); - tor_mainloop_free_all(); if (!postfork) { release_lockfile(); diff --git a/src/app/main/subsystem_list.c b/src/app/main/subsystem_list.c index 383417618..7ffdcc805 100644 --- a/src/app/main/subsystem_list.c +++ b/src/app/main/subsystem_list.c @@ -8,6 +8,7 @@ #include "lib/cc/compat_compiler.h" #include "lib/cc/torint.h" +#include "core/mainloop/mainloop_sys.h" #include "core/or/ocirc_event_sys.h" #include "core/or/orconn_event_sys.h" #include "feature/control/btrack_sys.h" @@ -44,6 +45,8 @@ const subsys_fns_t *tor_subsystems[] = { &sys_orconn_event, /* -33 */ &sys_ocirc_event, /* -32 */ &sys_btrack, /* -30 */ + + &sys_mainloop, /* 5 */ }; const unsigned n_tor_subsystems = ARRAY_LENGTH(tor_subsystems); diff --git a/src/core/include.am b/src/core/include.am index 982460172..4645bca76 100644 --- a/src/core/include.am +++ b/src/core/include.am @@ -24,6 +24,7 @@ LIBTOR_APP_A_SOURCES = \ src/core/mainloop/cpuworker.c \ src/core/mainloop/mainloop.c \ src/core/mainloop/mainloop_pubsub.c \ + src/core/mainloop/mainloop_sys.c \ src/core/mainloop/netstatus.c \ src/core/mainloop/periodic.c \ src/core/or/address_set.c \ @@ -222,6 +223,7 @@ noinst_HEADERS += \ src/core/mainloop/cpuworker.h \ src/core/mainloop/mainloop.h \ src/core/mainloop/mainloop_pubsub.h \ + src/core/mainloop/mainloop_sys.h \ src/core/mainloop/netstatus.h \ src/core/mainloop/periodic.h \ src/core/or/addr_policy_st.h \ diff --git a/src/core/mainloop/mainloop.c b/src/core/mainloop/mainloop.c index ddcc3bcd7..8c90103a7 100644 --- a/src/core/mainloop/mainloop.c +++ b/src/core/mainloop/mainloop.c @@ -1550,7 +1550,7 @@ initialize_periodic_events_cb(evutil_socket_t fd, short events, void *data) /** Set up all the members of mainloop_periodic_events[], and configure them * all to be launched from a callback. */ -STATIC void +void initialize_periodic_events(void) { if (periodic_events_initialized) @@ -1563,7 +1563,6 @@ initialize_periodic_events(void) } /* Set up all periodic events. We'll launch them by roles. */ - periodic_events_setup_all(); #define NAMED_CALLBACK(name) \ STMT_BEGIN name ## _event = periodic_events_find( #name ); STMT_END @@ -1575,12 +1574,6 @@ initialize_periodic_events(void) NAMED_CALLBACK(launch_descriptor_fetches); NAMED_CALLBACK(check_dns_honesty); NAMED_CALLBACK(save_state); - - struct timeval one_second = { 1, 0 }; - initialize_periodic_events_event = tor_evtimer_new( - tor_libevent_get_base(), - initialize_periodic_events_cb, NULL); - event_add(initialize_periodic_events_event, &one_second); } STATIC void @@ -2778,6 +2771,13 @@ do_main_loop(void) */ initialize_periodic_events(); initialize_mainloop_events(); + periodic_events_setup_all(); + + struct timeval one_second = { 1, 0 }; + initialize_periodic_events_event = tor_evtimer_new( + tor_libevent_get_base(), + initialize_periodic_events_cb, NULL); + event_add(initialize_periodic_events_event, &one_second); #ifdef HAVE_SYSTEMD_209 uint64_t watchdog_delay; diff --git a/src/core/mainloop/mainloop.h b/src/core/mainloop/mainloop.h index 850918c35..2dccdf0e1 100644 --- a/src/core/mainloop/mainloop.h +++ b/src/core/mainloop/mainloop.h @@ -90,6 +90,7 @@ void mainloop_schedule_shutdown(int delay_sec); void tor_init_connection_lists(void); void initialize_mainloop_events(void); +void initialize_periodic_events(void); void tor_mainloop_free_all(void); struct token_bucket_rw_t; @@ -102,7 +103,6 @@ extern struct token_bucket_rw_t global_relayed_bucket; #ifdef MAINLOOP_PRIVATE STATIC int run_main_loop_until_done(void); STATIC void close_closeable_connections(void); -STATIC void initialize_periodic_events(void); STATIC void teardown_periodic_events(void); STATIC int get_my_roles(const or_options_t *); STATIC int check_network_participation_callback(time_t now, diff --git a/src/core/mainloop/mainloop_sys.c b/src/core/mainloop/mainloop_sys.c new file mode 100644 index 000000000..fbd5a4032 --- /dev/null +++ b/src/core/mainloop/mainloop_sys.c @@ -0,0 +1,32 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include "core/or/or.h" +#include "core/mainloop/mainloop_sys.h" +#include "core/mainloop/mainloop.h" + +#include "lib/subsys/subsys.h" + +static int +subsys_mainloop_initialize(void) +{ + initialize_periodic_events(); + return 0; +} + +static void +subsys_mainloop_shutdown(void) +{ + tor_mainloop_free_all(); +} + +const struct subsys_fns_t sys_mainloop = { + .name = "mainloop", + .supported = true, + .level = 5, + .initialize = subsys_mainloop_initialize, + .shutdown = subsys_mainloop_shutdown, +}; diff --git a/src/core/mainloop/mainloop_sys.h b/src/core/mainloop/mainloop_sys.h new file mode 100644 index 000000000..14c567278 --- /dev/null +++ b/src/core/mainloop/mainloop_sys.h @@ -0,0 +1,12 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef MAINLOOP_SYS_H +#define MAINLOOP_SYS_H + +extern const struct subsys_fns_t sys_mainloop; + +#endif diff --git a/src/test/test_periodic_event.c b/src/test/test_periodic_event.c index 645274d37..19325ed3b 100644 --- a/src/test/test_periodic_event.c +++ b/src/test/test_periodic_event.c @@ -51,6 +51,7 @@ test_pe_initialize(void *arg) * need to run the main loop and then wait for a second delaying the unit * tests. Instead, we'll test the callback work indepedently elsewhere. */ initialize_periodic_events(); + periodic_events_setup_all(); set_network_participation(false); rescan_periodic_events(get_options()); @@ -110,6 +111,7 @@ test_pe_launch(void *arg) #endif initialize_periodic_events(); + periodic_events_setup_all(); /* Now that we've initialized, rescan the list to launch. */ periodic_events_on_new_options(options); @@ -300,6 +302,7 @@ test_pe_hs_service(void *arg) consider_hibernation(time(NULL)); /* Initialize the events so we can enable them */ initialize_periodic_events(); + periodic_events_setup_all(); /* Hack: We'll set a dumb fn() of each events so they don't get called when * dispatching them. We just want to test the state of the callbacks, not

1 0

[tor/master] Merge branch 'tor-github/pr/983'
by asn＠torproject.org 30 Apr '19

30 Apr '19

commit 86f8dfe41955175c9125b699320bd28a07faae6a Merge: 43c119fed 806539b40 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Apr 30 19:13:30 2019 +0300 Merge branch 'tor-github/pr/983' changes/ticket30307 | 4 ++ changes/ticket30308 | 5 +++ scripts/maint/practracker/exceptions.txt | 2 +- src/core/or/circuitbuild.c | 5 ++- src/core/or/circuitbuild.h | 4 +- src/feature/client/bridges.c | 2 +- src/feature/dirauth/voteflags.c | 2 +- src/feature/nodelist/node_select.c | 74 ++++++++++++++++++++++++++------ src/feature/nodelist/nodelist.c | 4 +- src/feature/nodelist/nodelist.h | 2 +- src/feature/nodelist/routerset.c | 2 +- src/test/test_circuitbuild.c | 2 +- src/test/test_controller.c | 2 +- src/test/test_entrynodes.c | 3 +- src/test/test_helpers.c | 2 +- src/test/test_hs_common.c | 2 +- src/test/test_routerset.c | 8 ++-- 17 files changed, 91 insertions(+), 34 deletions(-)

1 0