February 2020 - tor-commits - lists.torproject.org

[tor/master] Merge branch 'ticket33316_squashed'
by nickm＠torproject.org 24 Feb '20

24 Feb '20

commit d4d5d9d1d1dec69aa51c0b8f5040599c95d7f6f0 Merge: caa392a73 0c18c94bb Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 24 07:49:45 2020 -0500 Merge branch 'ticket33316_squashed' .gitignore | 2 ++ Makefile.am | 2 ++ changes/ticket33316 | 15 +++++++++++++++ src/app/main/subsystem_list.c | 18 +++++++----------- src/core/or/include.am | 2 -- src/core/or/ocirc_event.c | 11 ++--------- src/core/or/ocirc_event_sys.h | 13 ------------- src/core/or/or_sys.c | 12 ++++++++++++ src/core/or/or_sys.h | 4 ++++ src/core/or/orconn_event.c | 11 ++--------- src/core/or/orconn_event_sys.h | 12 ------------ src/feature/control/btrack.c | 2 +- src/include.am | 1 + src/lib/compress/compress.c | 2 +- src/lib/llharden/.may_include | 3 +++ src/lib/llharden/include.am | 19 +++++++++++++++++++ src/lib/llharden/lib_llharden.md | 6 ++++++ src/lib/{process => llharden}/winprocess_sys.c | 2 +- src/lib/{process => llharden}/winprocess_sys.h | 0 src/lib/net/network_sys.c | 2 +- src/lib/process/include.am | 6 ++---- src/lib/process/process_sys.c | 2 +- src/lib/thread/compat_threads.c | 4 +--- src/test/testing_common.c | 2 +- 24 files changed, 84 insertions(+), 69 deletions(-)

1 0

[tpo/master] Add language selector on top for download page
by hiro＠torproject.org 24 Feb '20

24 Feb '20

commit 2800e53b384a873a76cb6cf2c898fd6a26f5fee1 Author: hiro <hiro(a)torproject.org> Date: Mon Feb 24 13:48:44 2020 +0100 Add language selector on top for download page --- lego | 2 +- templates/navbar-min.html | 49 ++++++++++++++++++++++++++++++++++------------- 2 files changed, 37 insertions(+), 14 deletions(-) diff --git a/lego b/lego index e9dd081..fb083d6 160000 --- a/lego +++ b/lego @@ -1 +1 @@ -Subproject commit e9dd081027132aa21f6abd74be708323ff3b9180 +Subproject commit fb083d69aa0191f891d1e3243db89e474a1c8c0d diff --git a/templates/navbar-min.html b/templates/navbar-min.html index 3eb4ba1..51e0bc3 100644 --- a/templates/navbar-min.html +++ b/templates/navbar-min.html @@ -6,21 +6,44 @@ <nav class="navbar no-background navbar-expand-lg navbar-dark bg-primary p-2"> {% else %} <div class="container-fluid bg-dark"> - <nav class="navbar no-background navbar-expand-lg navbar-dark bg-dark p-2"> + <nav class="navbar no-background navbar-expand-lg navbar-dark bg-dark p-2 d-flex justify-content-between"> {% endif %} + <div> + <div class="row"> + <a class="navbar-brand" href="{{ '/'|url(alt=this.alt) }}"> + <img alt="{{ 'The Tor Project' }}" src="{{ '/static/images/tor-logo(a)2x.png'|asseturl }}" > + <span class="sr-only">Tor Logo</span> + </a> - <a class="navbar-brand" href="{{ '/'|url(alt=this.alt) }}"> - <img alt="{{ 'The Tor Project' }}" src="{{ '/static/images/tor-logo(a)2x.png'|asseturl }}" > - <span class="sr-only">Tor Logo</span> - </a> - - {% set link = bag('links', this.alt, 'donate') %} - {% if link %} - <h4 class="pl-2 pr-2"><a href="{{ link }}" title="{{ _("Donate") }}"><span class="badge badge-warning p-2">{{ _("Donate Now") }}</span></a></h4> - {% else %} - <h4 class="pl-2 pr-2"><a href="https://www.torproject.org/donate/{{ this.alt }}" title="{{ _("Donate") }}"><span class="badge badge-warning p-2">{{ _("Donate Now") }}</span></a></h4> - {% endif %} - + {% set link = bag('links', this.alt, 'donate') %} + {% if link %} + <h4 class="pl-2 pr-2 pt-3"><a href="{{ link }}" title="{{ _("Donate") }}"><span class="badge badge-warning p-2">{{ _("Donate Now") }}</span></a></h4> + {% else %} + <h4 class="pl-2 pr-2 pt-3"><a href="https://www.torproject.org/donate/{{ this.alt }}" title="{{ _("Donate") }}"><span class="badge badge-warning p-2">{{ _("Donate Now") }}</span></a></h4> + {% endif %} </div> + </div> + {% set alts = bag('alternatives').items() %} + {% if alts|length > 1 %} + <div class="btn-group dropdown float-right"> + {% if not this.color %} + <button type="button" class="btn btn-primary bg-primary dropdown-toggle btn-block" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> + {% elif this.color == 'primary' %} + <button type="button" class="btn btn-primary bg-primary dropdown-toggle btn-block" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> + {% else %} + <button type="button" class="btn btn-dark bg-dark dropdown-toggle btn-block my-3 my-sm-0" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> + {% endif %} + {{ bag('alternatives', this.alt, 'language') }} + </button> + <div class="dropdown-menu"> + {% for id, item in bag('alternatives').items() %} + {% if this.alt != id %} + <a class="dropdown-item" href="{{ this.path|url(alt=id) }}">{{ item.language }}</a> + {% endif %} + {% endfor %} + </div> + </div> + {% endif %} + </nav> </div>

1 0

[tor/master] hs-v3: Extract INTRO2 key computation to its own function.
by nickm＠torproject.org 24 Feb '20

24 Feb '20

commit f1498e75ddf8e493edecf940616703c36fa17de8 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Dec 10 13:54:47 2019 +0200 hs-v3: Extract INTRO2 key computation to its own function. Part of #32709 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/feature/hs/hs_cell.c | 92 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 61 insertions(+), 31 deletions(-) diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index 52bd66320..d59ea9edb 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -747,6 +747,61 @@ hs_cell_parse_intro_established(const uint8_t *payload, size_t payload_len) return ret; } +/** For the encrypted INTRO2 cell in <b>encrypted_section</b>, use the crypto + * material in <b>data</b> to compute the right ntor keys. Also validate the + * INTRO2 MAC to ensure that the keys are the right ones. + * + * Return NULL on failure to either produce the key material or on MAC + * valication. Else a newly allocated intro keys object. */ +static hs_ntor_intro_cell_keys_t * +get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data, + const uint8_t *encrypted_section, + size_t encrypted_section_len) +{ + hs_ntor_intro_cell_keys_t *intro_keys = NULL; + + /* Build the key material out of the key material found in the cell. */ + intro_keys = get_introduce2_key_material(data->auth_pk, data->enc_kp, + data->subcredential, + encrypted_section, + &data->client_pk); + if (intro_keys == NULL) { + log_info(LD_REND, "Invalid INTRODUCE2 encrypted data. Unable to " + "compute key material"); + goto err; + } + + /* Validate MAC from the cell and our computed key material. The MAC field + * in the cell is at the end of the encrypted section. */ + { + uint8_t mac[DIGEST256_LEN]; + /* The MAC field is at the very end of the ENCRYPTED section. */ + size_t mac_offset = encrypted_section_len - sizeof(mac); + /* Compute the MAC. Use the entire encoded payload with a length up to the + * ENCRYPTED section. */ + compute_introduce_mac(data->payload, + data->payload_len - encrypted_section_len, + encrypted_section, encrypted_section_len, + intro_keys->mac_key, sizeof(intro_keys->mac_key), + mac, sizeof(mac)); + if (tor_memcmp(mac, encrypted_section + mac_offset, sizeof(mac))) { + log_info(LD_REND, "Invalid MAC validation for INTRODUCE2 cell"); + goto err; + } + } + + goto done; + + err: + if (intro_keys) { + memwipe(intro_keys, 0, sizeof(hs_ntor_intro_cell_keys_t)); + tor_free(intro_keys); + } + + done: + return intro_keys; +} + /** Parse the INTRODUCE2 cell using data which contains everything we need to * do so and contains the destination buffers of information we extract and * compute from the cell. Return 0 on success else a negative value. The @@ -801,41 +856,16 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, goto done; } - /* Build the key material out of the key material found in the cell. */ - intro_keys = get_introduce2_key_material(data->auth_pk, data->enc_kp, - data->subcredential, - encrypted_section, - &data->client_pk); - if (intro_keys == NULL) { - log_info(LD_REND, "Invalid INTRODUCE2 encrypted data. Unable to " - "compute key material on circuit %u for service %s", - TO_CIRCUIT(circ)->n_circ_id, + /* Get the right INTRODUCE2 ntor keys and verify the cell MAC */ + intro_keys = get_introduce2_keys_and_verify_mac(data, encrypted_section, + encrypted_section_len); + if (!intro_keys) { + log_info(LD_REND, "Could not get valid INTRO2 keys on circuit %u " + "for service %s", TO_CIRCUIT(circ)->n_circ_id, safe_str_client(service->onion_address)); goto done; } - /* Validate MAC from the cell and our computed key material. The MAC field - * in the cell is at the end of the encrypted section. */ - { - uint8_t mac[DIGEST256_LEN]; - /* The MAC field is at the very end of the ENCRYPTED section. */ - size_t mac_offset = encrypted_section_len - sizeof(mac); - /* Compute the MAC. Use the entire encoded payload with a length up to the - * ENCRYPTED section. */ - compute_introduce_mac(data->payload, - data->payload_len - encrypted_section_len, - encrypted_section, encrypted_section_len, - intro_keys->mac_key, sizeof(intro_keys->mac_key), - mac, sizeof(mac)); - if (tor_memcmp(mac, encrypted_section + mac_offset, sizeof(mac))) { - log_info(LD_REND, "Invalid MAC validation for INTRODUCE2 cell on " - "circuit %u for service %s", - TO_CIRCUIT(circ)->n_circ_id, - safe_str_client(service->onion_address)); - goto done; - } - } - { /* The ENCRYPTED_DATA section starts just after the CLIENT_PK. */ const uint8_t *encrypted_data =

1 0

[tor/master] hs-v3: Implement hs_parse_address_no_log()
by nickm＠torproject.org 24 Feb '20

24 Feb '20

commit 16a201e7039577070201828750e0b092f0e8eb7f Author: David Goulet <dgoulet(a)torproject.org> Date: Mon Jan 13 12:15:14 2020 -0500 hs-v3: Implement hs_parse_address_no_log() The hs_parse_address() can not be used without an options_t object existing since on error it uses the escaped_safe_str() that looks at the options. This new function won't log and returns an error message in case of failure that can then be used to log. Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/feature/hs/hs_common.c | 41 +++++++++++++++++++++++++++++++---------- src/feature/hs/hs_common.h | 4 ++++ src/test/test_hs_common.c | 6 +++--- 3 files changed, 38 insertions(+), 13 deletions(-) diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c index f8b031cc2..47594b582 100644 --- a/src/feature/hs/hs_common.c +++ b/src/feature/hs/hs_common.c @@ -909,30 +909,35 @@ hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn) * case the caller would want only one field. checksum_out MUST at least be 2 * bytes long. * - * Return 0 if parsing went well; return -1 in case of error. */ + * Return 0 if parsing went well; return -1 in case of error and if errmsg is + * non NULL, a human readable string message is set. */ int -hs_parse_address(const char *address, ed25519_public_key_t *key_out, - uint8_t *checksum_out, uint8_t *version_out) +hs_parse_address_no_log(const char *address, ed25519_public_key_t *key_out, + uint8_t *checksum_out, uint8_t *version_out, + const char **errmsg) { char decoded[HS_SERVICE_ADDR_LEN]; tor_assert(address); + if (errmsg) { + *errmsg = NULL; + } + /* Obvious length check. */ if (strlen(address) != HS_SERVICE_ADDR_LEN_BASE32) { - log_warn(LD_REND, "Service address %s has an invalid length. " - "Expected %lu but got %lu.", - escaped_safe_str(address), - (unsigned long) HS_SERVICE_ADDR_LEN_BASE32, - (unsigned long) strlen(address)); + if (errmsg) { + *errmsg = "Invalid length"; + } goto invalid; } /* Decode address so we can extract needed fields. */ if (base32_decode(decoded, sizeof(decoded), address, strlen(address)) != sizeof(decoded)) { - log_warn(LD_REND, "Service address %s can't be decoded.", - escaped_safe_str(address)); + if (errmsg) { + *errmsg = "Unable to base32 decode"; + } goto invalid; } @@ -944,6 +949,22 @@ hs_parse_address(const char *address, ed25519_public_key_t *key_out, return -1; } +/** Same has hs_parse_address_no_log() but emits a log warning on parsing + * failure. */ +int +hs_parse_address(const char *address, ed25519_public_key_t *key_out, + uint8_t *checksum_out, uint8_t *version_out) +{ + const char *errmsg = NULL; + int ret = hs_parse_address_no_log(address, key_out, checksum_out, + version_out, &errmsg); + if (ret < 0) { + log_warn(LD_REND, "Service address %s failed to be parsed: %s", + escaped_safe_str(address), errmsg); + } + return ret; +} + /** Validate a given onion address. The length, the base32 decoding, and * checksum are validated. Return 1 if valid else 0. */ int diff --git a/src/feature/hs/hs_common.h b/src/feature/hs/hs_common.h index 8f743d4d3..2bcf0f67c 100644 --- a/src/feature/hs/hs_common.h +++ b/src/feature/hs/hs_common.h @@ -179,6 +179,10 @@ void hs_build_address(const struct ed25519_public_key_t *key, uint8_t version, int hs_address_is_valid(const char *address); int hs_parse_address(const char *address, struct ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out); +int hs_parse_address_no_log(const char *address, + struct ed25519_public_key_t *key_out, + uint8_t *checksum_out, uint8_t *version_out, + const char **errmsg); void hs_build_blinded_pubkey(const struct ed25519_public_key_t *pubkey, const uint8_t *secret, size_t secret_len, diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c index 61306778d..20f88b637 100644 --- a/src/test/test_hs_common.c +++ b/src/test/test_hs_common.c @@ -53,14 +53,14 @@ test_validate_address(void *arg) setup_full_capture_of_logs(LOG_WARN); ret = hs_address_is_valid("blah"); tt_int_op(ret, OP_EQ, 0); - expect_log_msg_containing("has an invalid length"); + expect_log_msg_containing("Invalid length"); teardown_capture_of_logs(); setup_full_capture_of_logs(LOG_WARN); ret = hs_address_is_valid( "p3xnclpu4mu22dwaurjtsybyqk4xfjmcfz6z62yl24uwmhjatiwnlnadb"); tt_int_op(ret, OP_EQ, 0); - expect_log_msg_containing("has an invalid length"); + expect_log_msg_containing("Invalid length"); teardown_capture_of_logs(); /* Invalid checksum (taken from prop224) */ @@ -83,7 +83,7 @@ test_validate_address(void *arg) ret = hs_address_is_valid( "????????????????????????????????????????????????????????"); tt_int_op(ret, OP_EQ, 0); - expect_log_msg_containing("can't be decoded"); + expect_log_msg_containing("Unable to base32 decode"); teardown_capture_of_logs(); /* Valid address. */

1 0

[tor/master] hs-v3: Add the Onion Balance config file option
by nickm＠torproject.org 24 Feb '20

24 Feb '20

commit ef28afa2551a6827d85ceb00d8fe2a69d1605795 Author: David Goulet <dgoulet(a)torproject.org> Date: Thu Jan 9 14:51:56 2020 -0500 hs-v3: Add the Onion Balance config file option At this commit, the service reads the config file and parse it to finally set the service config object with the options. Part of #32709 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/app/config/config.c | 2 + src/feature/hs/hs_config.c | 25 ++++- src/feature/hs/hs_ob.c | 222 ++++++++++++++++++++++++++++++++++++++++++++ src/feature/hs/hs_ob.h | 29 ++++++ src/feature/hs/hs_service.c | 5 + src/feature/hs/hs_service.h | 6 +- src/feature/hs/include.am | 2 + 7 files changed, 289 insertions(+), 2 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index bbf984ad0..57aa055e7 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -510,6 +510,8 @@ static const config_var_t option_vars_[] = { LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceEnableIntroDoSBurstPerSec", LINELIST_S, RendConfigLines, NULL), + VAR("HiddenServiceOnionBalanceInstance", + LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"), V(HidServAuth, LINELIST, NULL), V(ClientOnionAuthDir, FILENAME, NULL), diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c index 64656b193..684f7bc97 100644 --- a/src/feature/hs/hs_config.c +++ b/src/feature/hs/hs_config.c @@ -26,6 +26,7 @@ #include "feature/hs/hs_common.h" #include "feature/hs/hs_config.h" #include "feature/hs/hs_client.h" +#include "feature/hs/hs_ob.h" #include "feature/hs/hs_service.h" #include "feature/rend/rendclient.h" #include "feature/rend/rendservice.h" @@ -219,6 +220,7 @@ config_has_invalid_options(const config_line_t *line_, "HiddenServiceEnableIntroDoSDefense", "HiddenServiceEnableIntroDoSRatePerSec", "HiddenServiceEnableIntroDoSBurstPerSec", + "HiddenServiceOnionBalanceInstance", NULL /* End marker. */ }; @@ -317,7 +319,7 @@ config_service_v3(const config_line_t *line_, int have_num_ip = 0; bool export_circuit_id = false; /* just to detect duplicate options */ bool dos_enabled = false, dos_rate_per_sec = false; - bool dos_burst_per_sec = false; + bool dos_burst_per_sec = false, ob_instance = false; const char *dup_opt_seen = NULL; const config_line_t *line; @@ -402,6 +404,27 @@ config_service_v3(const config_line_t *line_, config->intro_dos_burst_per_sec); continue; } + if (!strcasecmp(line->key, "HiddenServiceOnionBalanceInstance")) { + bool enabled = !!helper_parse_uint64(line->key, line->value, + 0, 1, &ok); + if (!ok || ob_instance) { + if (ob_instance) { + dup_opt_seen = line->key; + } + goto err; + } + ob_instance = true; + if (!enabled) { + /* Skip if this is disabled. */ + continue; + } + /* Option is enabled, parse config file. */ + ok = hs_ob_parse_config_file(config); + if (!ok) { + goto err; + } + continue; + } } /* We do not load the key material for the service at this stage. This is diff --git a/src/feature/hs/hs_ob.c b/src/feature/hs/hs_ob.c new file mode 100644 index 000000000..633b157a0 --- /dev/null +++ b/src/feature/hs/hs_ob.c @@ -0,0 +1,222 @@ +/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file hs_ob.c + * \brief Implement Onion Balance specific code. + * + * \details + * + * XXX: + **/ + +#define HS_OB_PRIVATE + +#include "lib/confmgt/confmgt.h" +#include "lib/encoding/confline.h" + +#include "hs_ob.h" + +/* Options config magic number. */ +#define OB_OPTIONS_MAGIC 0x631DE7EA + +/* Helper macros. */ +#define VAR(varname, conftype, member, initvalue) \ + CONFIG_VAR_ETYPE(ob_options_t, varname, conftype, member, 0, initvalue) +#define V(member,conftype,initvalue) \ + VAR(#member, conftype, member, initvalue) + +/* Dummy instance of ob_options_t, used for type-checking its members with + * CONF_CHECK_VAR_TYPE. */ +DUMMY_TYPECHECK_INSTANCE(ob_options_t); + +/* Array of variables for the config file options. */ +static const config_var_t config_vars[] = { + V(MasterOnionAddress, LINELIST, NULL), + + END_OF_CONFIG_VARS +}; + +/* "Extra" variable in the state that receives lines we can't parse. This + * lets us preserve options from versions of Tor newer than us. */ +static const struct_member_t config_extra_vars = { + .name = "__extra", + .type = CONFIG_TYPE_LINELIST, + .offset = offsetof(ob_options_t, ExtraLines), +}; + +/* Configuration format of ob_options_t. */ +static const config_format_t config_format = { + .size = sizeof(ob_options_t), + .magic = { + "ob_options_t", + OB_OPTIONS_MAGIC, + offsetof(ob_options_t, magic_), + }, + .vars = config_vars, + .extra = &config_extra_vars, +}; + +/* Global configuration manager for the config file. */ +static config_mgr_t *config_options_mgr = NULL; + +/* Return the configuration manager for the config file. */ +static const config_mgr_t * +get_config_options_mgr(void) +{ + if (PREDICT_UNLIKELY(config_options_mgr == NULL)) { + config_options_mgr = config_mgr_new(&config_format); + config_mgr_freeze(config_options_mgr); + } + return config_options_mgr; +} + +#define ob_option_free(val) \ + FREE_AND_NULL(ob_options_t, ob_option_free_, (val)) + +/** Helper: Free a config options object. */ +static void +ob_option_free_(ob_options_t *opts) +{ + if (opts == NULL) { + return; + } + config_free(get_config_options_mgr(), opts); +} + +/** Return an allocated config options object. */ +static ob_options_t * +ob_option_new(void) +{ + ob_options_t *opts = config_new(get_config_options_mgr()); + config_init(get_config_options_mgr(), opts); + return opts; +} + +/** Helper function: From the configuration line value which is an onion + * address with the ".onion" extension, find the public key and put it in + * pkey_out. + * + * On success, true is returned. Else, false and pkey is untouched. */ +static bool +get_onion_public_key(const char *value, ed25519_public_key_t *pkey_out) +{ + char address[HS_SERVICE_ADDR_LEN_BASE32 + 1]; + + tor_assert(value); + tor_assert(pkey_out); + + if (strcmpend(value, ".onion")) { + /* Not a .onion extension, bad format. */ + return false; + } + + /* Length validation. The -1 is because sizeof() counts the NUL byte. */ + if (strlen(value) > + (HS_SERVICE_ADDR_LEN_BASE32 + sizeof(".onion") - 1)) { + /* Too long, bad format. */ + return false; + } + + /* We don't want the .onion so we add 2 because size - 1 is copied with + * strlcpy() in order to accomodate the NUL byte and sizeof() counts the NUL + * byte so we need to remove them from the equation. */ + strlcpy(address, value, strlen(value) - sizeof(".onion") + 2); + + if (hs_parse_address_no_log(address, pkey_out, NULL, NULL, NULL) < 0) { + return false; + } + + /* Success. */ + return true; +} + +/** Parse the given ob options in opts and set the service config object + * accordingly. + * + * Return 1 on success else 0. */ +static int +ob_option_parse(hs_service_config_t *config, const ob_options_t *opts) +{ + int ret = 0; + config_line_t *line; + + tor_assert(config); + tor_assert(opts); + + for (line = opts->MasterOnionAddress; line; line = line->next) { + /* Allocate config list if need be. */ + if (!config->ob_master_pubkeys) { + config->ob_master_pubkeys = smartlist_new(); + } + ed25519_public_key_t *pubkey = tor_malloc_zero(sizeof(*pubkey)); + + if (!get_onion_public_key(line->value, pubkey)) { + log_warn(LD_REND, "OnionBalance: MasterOnionAddress %s is invalid", + line->value); + tor_free(pubkey); + goto end; + } + smartlist_add(config->ob_master_pubkeys, pubkey); + } + /* Success. */ + ret = 1; + + end: + /* No keys added, we free the list since no list means no onion balance + * support for this tor instance. */ + if (smartlist_len(config->ob_master_pubkeys) == 0) { + smartlist_free(config->ob_master_pubkeys); + } + return ret; +} + +/** Read and parse the config file at fname on disk. The service config object + * is populated with the options if any. + * + * Return 1 on success else 0. This is to follow the "ok" convention in + * hs_config.c. */ +int +hs_ob_parse_config_file(hs_service_config_t *config) +{ + static const char *fname = "ob_config"; + int ret = 0; + char *content = NULL, *errmsg = NULL, *config_file_path = NULL; + ob_options_t *options = NULL; + config_line_t *lines = NULL; + + tor_assert(config); + + /* Read file from disk. */ + config_file_path = hs_path_from_filename(config->directory_path, fname); + content = read_file_to_str(config_file_path, 0, NULL); + if (!content) { + log_warn(LD_FS, "OnionBalance: Unable to read config file %s", + escaped(config_file_path)); + goto end; + } + + /* Parse lines. */ + if (config_get_lines(content, &lines, 0) < 0) { + goto end; + } + + options = ob_option_new(); + config_assign(get_config_options_mgr(), options, lines, 0, &errmsg); + if (errmsg) { + log_warn(LD_REND, "OnionBalance: Unable to parse config file: %s", + errmsg); + tor_free(errmsg); + goto end; + } + + /* Parse the options and set the service config object with the details. */ + ret = ob_option_parse(config, options); + + end: + config_free_lines(lines); + ob_option_free(options); + tor_free(content); + tor_free(config_file_path); + return ret; +} diff --git a/src/feature/hs/hs_ob.h b/src/feature/hs/hs_ob.h new file mode 100644 index 000000000..d16896f2e --- /dev/null +++ b/src/feature/hs/hs_ob.h @@ -0,0 +1,29 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file hs_ob.h + * \brief Header file for the specific code for onion balance. + **/ + +#ifndef TOR_HS_OB_H +#define TOR_HS_OB_H + +#include "hs_service.h" + +int hs_ob_parse_config_file(hs_service_config_t *config); + +#ifdef HS_OB_PRIVATE + +typedef struct ob_options_t { + /** Magic number to identify the structure in memory. */ + uint32_t magic_; + /** Master Onion Address(es). */ + struct config_line_t *MasterOnionAddress; + /** Extra Lines for configuration we might not know. */ + struct config_line_t *ExtraLines; +} ob_options_t; + +#endif /* defined(HS_OB_PRIVATE) */ + +#endif /* !defined(TOR_HS_OB_H) */ diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 81b37eab4..d0d9d6579 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -267,6 +267,11 @@ service_clear_config(hs_service_config_t *config) service_authorized_client_free(p)); smartlist_free(config->clients); } + if (config->ob_master_pubkeys) { + SMARTLIST_FOREACH(config->ob_master_pubkeys, ed25519_public_key_t *, k, + tor_free(k)); + smartlist_free(config->ob_master_pubkeys); + } memset(config, 0, sizeof(*config)); } diff --git a/src/feature/hs/hs_service.h b/src/feature/hs/hs_service.h index 8809411e0..bdc2bc3b6 100644 --- a/src/feature/hs/hs_service.h +++ b/src/feature/hs/hs_service.h @@ -248,10 +248,14 @@ typedef struct hs_service_config_t { /** Does this service export the circuit ID of its clients? */ hs_circuit_id_protocol_t circuit_id_protocol; - /* DoS defenses. For the ESTABLISH_INTRO cell extension. */ + /** DoS defenses. For the ESTABLISH_INTRO cell extension. */ unsigned int has_dos_defense_enabled : 1; uint32_t intro_dos_rate_per_sec; uint32_t intro_dos_burst_per_sec; + + /** If set, contains the Onion Balance master ed25519 public key (taken from + * an .onion addresses) that this tor instance serves as backend. */ + smartlist_t *ob_master_pubkeys; } hs_service_config_t; /** Service state. */ diff --git a/src/feature/hs/include.am b/src/feature/hs/include.am index 5e69607e5..f83907c76 100644 --- a/src/feature/hs/include.am +++ b/src/feature/hs/include.am @@ -13,6 +13,7 @@ LIBTOR_APP_A_SOURCES += \ src/feature/hs/hs_dos.c \ src/feature/hs/hs_ident.c \ src/feature/hs/hs_intropoint.c \ + src/feature/hs/hs_ob.c \ src/feature/hs/hs_service.c \ src/feature/hs/hs_stats.c @@ -30,6 +31,7 @@ noinst_HEADERS += \ src/feature/hs/hs_dos.h \ src/feature/hs/hs_ident.h \ src/feature/hs/hs_intropoint.h \ + src/feature/hs/hs_ob.h \ src/feature/hs/hs_service.h \ src/feature/hs/hs_stats.h \ src/feature/hs/hsdir_index_st.h

1 0

[tor/master] hs-v3: Validate INTRO2 cells for onion balance
by nickm＠torproject.org 24 Feb '20

24 Feb '20

commit 02f1caa583ca0e09e4c75ff6d9399f5d53931d2b Author: David Goulet <dgoulet(a)torproject.org> Date: Thu Jan 9 15:18:32 2020 -0500 hs-v3: Validate INTRO2 cells for onion balance Closes #32709 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/feature/hs/hs_cell.c | 78 ++++++++++++++++++++++++++++++++++---- src/feature/hs/hs_ob.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++++ src/feature/hs/hs_ob.h | 3 ++ 3 files changed, 171 insertions(+), 7 deletions(-) diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index d59ea9edb..680897cf9 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -13,6 +13,7 @@ #include "feature/hs_common/replaycache.h" #include "feature/hs/hs_cell.h" +#include "feature/hs/hs_ob.h" #include "core/crypto/hs_ntor.h" #include "core/or/origin_circuit_st.h" @@ -802,6 +803,47 @@ get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data, return intro_keys; } +/** Return the newly allocated intro keys using the given service + * configuration and INTRODUCE2 data for the cell encrypted section. + * + * Every onion balance configured master key will be tried. If NULL is + * returned, no hit was found for the onion balance keys. */ +static hs_ntor_intro_cell_keys_t * +get_intro2_keys_as_ob(const hs_service_config_t *config, + const hs_cell_introduce2_data_t *data, + const uint8_t *encrypted_section, + size_t encrypted_section_len) +{ + uint8_t *ob_subcreds = NULL; + size_t ob_num_subcreds; + hs_ntor_intro_cell_keys_t *intro_keys = NULL; + + ob_num_subcreds = hs_ob_get_subcredentials(config, &ob_subcreds); + if (!ob_num_subcreds) { + /* We are _not_ an OB instance since no configured master onion key(s) + * were found and thus no subcredentials were built. */ + goto end; + } + + for (size_t idx = 0; idx < ob_num_subcreds; idx++) { + /* Copy current data into a new INTRO2 cell data. We will then change the + * subcredential in order to validate. */ + hs_cell_introduce2_data_t new_data = *data; + new_data.subcredential = &(ob_subcreds[idx * DIGEST256_LEN]); + intro_keys = get_introduce2_keys_and_verify_mac(&new_data, + encrypted_section, + encrypted_section_len); + if (intro_keys) { + /* It validates. We have a hit as an onion balance instance. */ + goto end; + } + } + + end: + tor_free(ob_subcreds); + return intro_keys; +} + /** Parse the INTRODUCE2 cell using data which contains everything we need to * do so and contains the destination buffers of information we extract and * compute from the cell. Return 0 on success else a negative value. The @@ -856,14 +898,36 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, goto done; } - /* Get the right INTRODUCE2 ntor keys and verify the cell MAC */ - intro_keys = get_introduce2_keys_and_verify_mac(data, encrypted_section, - encrypted_section_len); + /* First bytes of the ENCRYPTED section are the client public key (they are + * guaranteed to exist because of the length check above). We are gonna use + * the client public key to compute the ntor keys and decrypt the payload: + */ + memcpy(&data->client_pk.public_key, encrypted_section, + CURVE25519_PUBKEY_LEN); + + /* If we are configured as an Onion Balance instance, we need to try + * validation with the configured master public keys given in the config + * file. This is because the master identity key and the blinded key is put + * in the INTRODUCE2 cell by the client thus it will never validate with + * this instance default public key. */ + if (service->config.ob_master_pubkeys) { + intro_keys = get_intro2_keys_as_ob(&service->config, data, + encrypted_section, + encrypted_section_len); + } if (!intro_keys) { - log_info(LD_REND, "Could not get valid INTRO2 keys on circuit %u " - "for service %s", TO_CIRCUIT(circ)->n_circ_id, - safe_str_client(service->onion_address)); - goto done; + /* We are not an onion balance instance or no keys matched, fallback to + * our default values. */ + + /* Get the right INTRODUCE2 ntor keys and verify the cell MAC */ + intro_keys = get_introduce2_keys_and_verify_mac(data, encrypted_section, + encrypted_section_len); + if (!intro_keys) { + log_info(LD_REND, "Could not get valid INTRO2 keys on circuit %u " + "for service %s", TO_CIRCUIT(circ)->n_circ_id, + safe_str_client(service->onion_address)); + goto done; + } } { diff --git a/src/feature/hs/hs_ob.c b/src/feature/hs/hs_ob.c index 633b157a0..7e84af3d9 100644 --- a/src/feature/hs/hs_ob.c +++ b/src/feature/hs/hs_ob.c @@ -158,6 +158,8 @@ ob_option_parse(hs_service_config_t *config, const ob_options_t *opts) goto end; } smartlist_add(config->ob_master_pubkeys, pubkey); + log_info(LD_REND, "OnionBalance: MasterOnionAddress %s registered", + line->value); } /* Success. */ ret = 1; @@ -171,6 +173,26 @@ ob_option_parse(hs_service_config_t *config, const ob_options_t *opts) return ret; } +/** For the given master public key and time period, compute the subcredential + * and put them into subcredential. The subcredential parameter needs to be at + * least DIGEST256_LEN in size. */ +static void +build_subcredential(const ed25519_public_key_t *pkey, uint64_t tp, + uint8_t *subcredential) +{ + ed25519_public_key_t blinded_pubkey; + + tor_assert(pkey); + tor_assert(subcredential); + + hs_build_blinded_pubkey(pkey, NULL, 0, tp, &blinded_pubkey); + hs_get_subcredential(pkey, &blinded_pubkey, subcredential); +} + +/* + * Public API. + */ + /** Read and parse the config file at fname on disk. The service config object * is populated with the options if any. * @@ -220,3 +242,78 @@ hs_ob_parse_config_file(hs_service_config_t *config) tor_free(config_file_path); return ret; } + +/** Compute all possible subcredentials for every onion master key in the + * given service config object. The subcredentials is allocated and set as an + * continous array containing all possible values. + * + * On success, return the number of subcredential put in the array which will + * correspond to an arry of size: n * DIGEST256_LEN where DIGEST256_LEN is the + * length of a single subcredential. + * + * If the given configuration object has no OB master keys configured, 0 is + * returned and subcredentials is set to NULL. + * + * Otherwise, this can't fail. */ +size_t +hs_ob_get_subcredentials(const hs_service_config_t *config, + uint8_t **subcredentials) +{ + unsigned int num_pkeys, idx = 0; + uint8_t *subcreds = NULL; + const int steps[3] = {0, -1, 1}; + const unsigned int num_steps = ARRAY_LENGTH(steps); + const size_t subcred_len = DIGEST256_LEN; + const uint64_t tp = hs_get_time_period_num(0); + + tor_assert(config); + tor_assert(subcredentials); + + num_pkeys = smartlist_len(config->ob_master_pubkeys); + if (!num_pkeys) { + goto end; + } + + /* Time to build all the subcredentials for each time period: the previous + * one (-1), the current one (0) and the next one (1) for each configured + * key in order to accomodate client and service consensus skew. + * + * If the client consensus after_time is at 23:00 but the service one is at + * 01:00, the client will be using the previous time period where the + * service will think it is the client next time period. Thus why we have + * to try them all. + * + * The normal use case works because the service gets the descriptor object + * that corresponds to the intro point's request, and because each + * descriptor corresponds to a specific subcredential, we get the right + * subcredential out of it, and use that to do the decryption. + * + * As a slight optimization, statistically, the current time period (0) will + * be the one to work first so we'll put them first in the array to maximize + * our chance of success. */ + + /* We use a flat array, not a smartlist_t, in order to minimize memory + * allocation. This function is called for _each_ INTRODUCE2 cell arriving + * on this instance and thus the less we allocate small chunks often, + * usually the healthier our overall memory will be. + * + * Size of array is: length of a single subcredential multiplied by the + * number of time period we need to compute and finally multiplied by the + * total number of keys we are about to process. In other words, for each + * key, we allocate 3 subcredential slots. */ + subcreds = tor_malloc_zero(subcred_len * num_steps * num_pkeys); + + /* For each time period step. */ + for (unsigned int i = 0; i < num_steps; i++) { + SMARTLIST_FOREACH_BEGIN(config->ob_master_pubkeys, + const ed25519_public_key_t *, pkey) { + build_subcredential(pkey, tp + steps[i], + &(subcreds[idx * subcred_len])); + idx++; + } SMARTLIST_FOREACH_END(pkey); + } + + end: + *subcredentials = subcreds; + return idx; +} diff --git a/src/feature/hs/hs_ob.h b/src/feature/hs/hs_ob.h index d16896f2e..8ad6aabc4 100644 --- a/src/feature/hs/hs_ob.h +++ b/src/feature/hs/hs_ob.h @@ -13,6 +13,9 @@ int hs_ob_parse_config_file(hs_service_config_t *config); +size_t hs_ob_get_subcredentials(const hs_service_config_t *config, + uint8_t **subcredentials); + #ifdef HS_OB_PRIVATE typedef struct ob_options_t {

1 0

[tor/master] test: Add HS onion balance tests
by nickm＠torproject.org 24 Feb '20

24 Feb '20

commit 7c18860c3e0403246af0d9d79cecc79f97c7f2d6 Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Jan 14 11:29:08 2020 -0500 test: Add HS onion balance tests Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/test/include.am | 1 + src/test/test.c | 1 + src/test/test.h | 1 + src/test/test_hs_ob.c | 231 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 234 insertions(+) diff --git a/src/test/include.am b/src/test/include.am index 90e50752c..3590745ba 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -167,6 +167,7 @@ src_test_test_SOURCES += \ src/test/test_hs_client.c \ src/test/test_hs_intropoint.c \ src/test/test_hs_control.c \ + src/test/test_hs_ob.c \ src/test/test_handles.c \ src/test/test_hs_cache.c \ src/test/test_hs_descriptor.c \ diff --git a/src/test/test.c b/src/test/test.c index 1742f1d95..4b6082ce4 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -721,6 +721,7 @@ struct testgroup_t testgroups[] = { { "hs_dos/", hs_dos_tests }, { "hs_intropoint/", hs_intropoint_tests }, { "hs_ntor/", hs_ntor_tests }, + { "hs_ob/", hs_ob_tests }, { "hs_service/", hs_service_tests }, { "introduce/", introduce_tests }, { "keypin/", keypin_tests }, diff --git a/src/test/test.h b/src/test/test.h index 63e2faff9..18987719d 100644 --- a/src/test/test.h +++ b/src/test/test.h @@ -141,6 +141,7 @@ extern struct testcase_t hs_descriptor[]; extern struct testcase_t hs_dos_tests[]; extern struct testcase_t hs_intropoint_tests[]; extern struct testcase_t hs_ntor_tests[]; +extern struct testcase_t hs_ob_tests[]; extern struct testcase_t hs_service_tests[]; extern struct testcase_t hs_tests[]; extern struct testcase_t introduce_tests[]; diff --git a/src/test/test_hs_ob.c b/src/test/test_hs_ob.c new file mode 100644 index 000000000..37c57f795 --- /dev/null +++ b/src/test/test_hs_ob.c @@ -0,0 +1,231 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file test_hs_ob.c + * \brief Test hidden service onion balance functionality. + */ + +#define CONFIG_PRIVATE +#define HS_SERVICE_PRIVATE + +#include "test/test.h" +#include "test/test_helpers.h" +#include "test/log_test_helpers.h" + +#include "app/config/config.h" +#include "feature/hs/hs_config.h" +#include "feature/hs/hs_ob.h" +#include "feature/hs/hs_service.h" +#include "feature/nodelist/networkstatus.h" +#include "feature/nodelist/networkstatus_st.h" + +static ed25519_keypair_t onion_addr_kp_1; +static char onion_addr_1[HS_SERVICE_ADDR_LEN_BASE32 + 1]; + +static ed25519_keypair_t onion_addr_kp_2; +static char onion_addr_2[HS_SERVICE_ADDR_LEN_BASE32 + 1]; + +static bool config_is_good = true; + +static int +helper_tor_config(const char *conf) +{ + int ret = -1; + or_options_t *options = helper_parse_options(conf); + tt_assert(options); + ret = hs_config_service_all(options, 0); + done: + or_options_free(options); + return ret; +} + +static networkstatus_t mock_ns; + +static networkstatus_t * +mock_networkstatus_get_live_consensus(time_t now) +{ + (void) now; + return &mock_ns; +} + +static char * +mock_read_file_to_str(const char *filename, int flags, struct stat *stat_out) +{ + char *ret = NULL; + + (void) flags; + (void) stat_out; + + if (!strcmp(filename, get_fname("hs3" PATH_SEPARATOR "ob_config"))) { + if (config_is_good) { + tor_asprintf(&ret, "MasterOnionAddress %s.onion\n" + "MasterOnionAddress %s.onion\n", + onion_addr_1, onion_addr_2); + } else { + tor_asprintf(&ret, "MasterOnionAddress JUNKJUNKJUNK.onion\n" + "UnknownOption BLAH\n"); + } + goto done; + } + + done: + return ret; +} + +static void +test_parse_config_file(void *arg) +{ + int ret; + char *conf = NULL; + const ed25519_public_key_t *pkey; + + (void) arg; + + hs_init(); + + MOCK(read_file_to_str, mock_read_file_to_str); + +#define fmt_conf \ + "HiddenServiceDir %s\n" \ + "HiddenServicePort 22\n" \ + "HiddenServiceOnionBalanceInstance 1\n" + tor_asprintf(&conf, fmt_conf, get_fname("hs3")); +#undef fmt_conf + + /* Build the OB frontend onion addresses. */ + ed25519_keypair_generate(&onion_addr_kp_1, 0); + hs_build_address(&onion_addr_kp_1.pubkey, HS_VERSION_THREE, onion_addr_1); + ed25519_keypair_generate(&onion_addr_kp_2, 0); + hs_build_address(&onion_addr_kp_2.pubkey, HS_VERSION_THREE, onion_addr_2); + + ret = helper_tor_config(conf); + tor_free(conf); + tt_int_op(ret, OP_EQ, 0); + + /* Load the keys for the service. After that, the v3 service should be + * registered in the global map and we'll be able to access it. */ + tt_int_op(get_hs_service_staging_list_size(), OP_EQ, 1); + hs_service_load_all_keys(); + tt_int_op(get_hs_service_map_size(), OP_EQ, 1); + const hs_service_t *s = get_first_service(); + tt_assert(s); + tt_assert(s->config.ob_master_pubkeys); + tt_assert(hs_ob_service_is_instance(s)); + tt_assert(smartlist_len(s->config.ob_master_pubkeys) == 2); + + /* Test the public keys we've added. */ + pkey = smartlist_get(s->config.ob_master_pubkeys, 0); + tt_mem_op(&onion_addr_kp_1.pubkey, OP_EQ, pkey, ED25519_PUBKEY_LEN); + pkey = smartlist_get(s->config.ob_master_pubkeys, 1); + tt_mem_op(&onion_addr_kp_2.pubkey, OP_EQ, pkey, ED25519_PUBKEY_LEN); + + done: + hs_free_all(); + + UNMOCK(read_file_to_str); +} + +static void +test_parse_config_file_bad(void *arg) +{ + int ret; + char *conf = NULL; + + (void) arg; + + hs_init(); + + MOCK(read_file_to_str, mock_read_file_to_str); + + /* Indicate mock_read_file_to_str() to use the bad config. */ + config_is_good = false; + +#define fmt_conf \ + "HiddenServiceDir %s\n" \ + "HiddenServicePort 22\n" \ + "HiddenServiceOnionBalanceInstance 1\n" + tor_asprintf(&conf, fmt_conf, get_fname("hs3")); +#undef fmt_conf + + setup_full_capture_of_logs(LOG_INFO); + ret = helper_tor_config(conf); + tor_free(conf); + tt_int_op(ret, OP_EQ, -1); + expect_log_msg_containing("OnionBalance: MasterOnionAddress " + "JUNKJUNKJUNK.onion is invalid"); + expect_log_msg_containing("Found unrecognized option \'UnknownOption\'; " + "saving it."); + teardown_capture_of_logs(); + + done: + hs_free_all(); + + UNMOCK(read_file_to_str); +} + +static void +test_get_subcredentials(void *arg) +{ + int ret; + hs_service_config_t config; + + (void) arg; + + MOCK(networkstatus_get_live_consensus, + mock_networkstatus_get_live_consensus); + + /* Setup consensus with proper time so we can compute the time period. */ + ret = parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", + &mock_ns.valid_after); + tt_int_op(ret, OP_EQ, 0); + ret = parse_rfc1123_time("Sat, 26 Oct 1985 14:00:00 UTC", + &mock_ns.fresh_until); + tt_int_op(ret, OP_EQ, 0); + + config.ob_master_pubkeys = smartlist_new(); + tt_assert(config.ob_master_pubkeys); + + /* Generate a keypair to add to the list. */ + ed25519_keypair_generate(&onion_addr_kp_1, 0); + smartlist_add(config.ob_master_pubkeys, &onion_addr_kp_1.pubkey); + + uint8_t *subcreds = NULL; + size_t num = hs_ob_get_subcredentials(&config, &subcreds); + tt_uint_op(num, OP_EQ, 3); + + /* Validate the subcredentials we just got. We'll build them oursevles with + * the right time period steps and compare. */ + const uint64_t tp = hs_get_time_period_num(0); + const int steps[3] = {0, -1, 1}; + + for (unsigned int i = 0; i < num; i++) { + uint8_t subcredential[DIGEST256_LEN]; + ed25519_public_key_t blinded_pubkey; + hs_build_blinded_pubkey(&onion_addr_kp_1.pubkey, NULL, 0, tp + steps[i], + &blinded_pubkey); + hs_get_subcredential(&onion_addr_kp_1.pubkey, &blinded_pubkey, + subcredential); + tt_mem_op(&(subcreds[i * sizeof(subcredential)]), OP_EQ, subcredential, + sizeof(subcredential)); + } + + done: + tor_free(subcreds); + smartlist_free(config.ob_master_pubkeys); + + UNMOCK(networkstatus_get_live_consensus); +} + +struct testcase_t hs_ob_tests[] = { + { "parse_config_file", test_parse_config_file, TT_FORK, + NULL, NULL }, + { "parse_config_file_bad", test_parse_config_file_bad, TT_FORK, + NULL, NULL }, + + { "get_subcredentials", test_get_subcredentials, TT_FORK, + NULL, NULL }, + + END_OF_TESTCASES +}; +

1 0

[tor/master] Define a variant of hs_ntor that takes multiple subcredentials.
by nickm＠torproject.org 24 Feb '20

24 Feb '20

commit 46e6a4819aefb09b26924026833ead3eda533328 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jan 16 18:40:50 2020 -0500 Define a variant of hs_ntor that takes multiple subcredentials. --- src/core/crypto/hs_ntor.c | 36 +++++++++++++++++++++++++++++++----- src/core/crypto/hs_ntor.h | 8 ++++++++ 2 files changed, 39 insertions(+), 5 deletions(-) diff --git a/src/core/crypto/hs_ntor.c b/src/core/crypto/hs_ntor.c index 0422e7279..4bd11ef98 100644 --- a/src/core/crypto/hs_ntor.c +++ b/src/core/crypto/hs_ntor.c @@ -453,6 +453,28 @@ hs_ntor_service_get_introduce1_keys( const hs_subcredential_t *subcredential, hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out) { + return hs_ntor_service_get_introduce1_keys_multi( + intro_auth_pubkey, + intro_enc_keypair, + client_ephemeral_enc_pubkey, + 1, + subcredential, + hs_ntor_intro_cell_keys_out); +} + +/** + * As hs_ntor_service_get_introduce1_keys(), but take multiple subcredentials + * as input, and yield multiple sets of keys as output. + **/ +int +hs_ntor_service_get_introduce1_keys_multi( + const struct ed25519_public_key_t *intro_auth_pubkey, + const struct curve25519_keypair_t *intro_enc_keypair, + const struct curve25519_public_key_t *client_ephemeral_enc_pubkey, + int n_subcredentials, + const hs_subcredential_t *subcredentials, + hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out) +{ int bad = 0; uint8_t secret_input[INTRO_SECRET_HS_INPUT_LEN]; uint8_t dh_result[CURVE25519_OUTPUT_LEN]; @@ -460,7 +482,8 @@ hs_ntor_service_get_introduce1_keys( tor_assert(intro_auth_pubkey); tor_assert(intro_enc_keypair); tor_assert(client_ephemeral_enc_pubkey); - tor_assert(subcredential); + tor_assert(n_subcredentials >= 1); + tor_assert(subcredentials); tor_assert(hs_ntor_intro_cell_keys_out); /* Compute EXP(X, b) */ @@ -476,13 +499,16 @@ hs_ntor_service_get_introduce1_keys( secret_input); bad |= safe_mem_is_zero(secret_input, CURVE25519_OUTPUT_LEN); - /* Get ENC_KEY and MAC_KEY! */ - get_introduce1_key_material(secret_input, subcredential, - hs_ntor_intro_cell_keys_out); + for (int i = 0; i < n_subcredentials; ++i) { + /* Get ENC_KEY and MAC_KEY! */ + get_introduce1_key_material(secret_input, &subcredentials[i], + &hs_ntor_intro_cell_keys_out[i]); + } memwipe(secret_input, 0, sizeof(secret_input)); if (bad) { - memwipe(hs_ntor_intro_cell_keys_out, 0, sizeof(hs_ntor_intro_cell_keys_t)); + memwipe(hs_ntor_intro_cell_keys_out, 0, + sizeof(hs_ntor_intro_cell_keys_t) * n_subcredentials); } return bad ? -1 : 0; diff --git a/src/core/crypto/hs_ntor.h b/src/core/crypto/hs_ntor.h index b78bc4e80..2ed357f02 100644 --- a/src/core/crypto/hs_ntor.h +++ b/src/core/crypto/hs_ntor.h @@ -58,6 +58,14 @@ int hs_ntor_client_get_rendezvous1_keys( const struct curve25519_public_key_t *service_ephemeral_rend_pubkey, hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out); +int hs_ntor_service_get_introduce1_keys_multi( + const struct ed25519_public_key_t *intro_auth_pubkey, + const struct curve25519_keypair_t *intro_enc_keypair, + const struct curve25519_public_key_t *client_ephemeral_enc_pubkey, + int n_subcredentials, + const hs_subcredential_t *subcredentials, + hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out); + int hs_ntor_service_get_introduce1_keys( const struct ed25519_public_key_t *intro_auth_pubkey, const struct curve25519_keypair_t *intro_enc_keypair,

1 0

[tor/master] hs-v3: Code improvement for INTRO2 MAC validation
by nickm＠torproject.org 24 Feb '20

24 Feb '20

commit 780e498f760b139fb540d2e050de08df60714f4a Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Jan 14 12:42:09 2020 -0500 hs-v3: Code improvement for INTRO2 MAC validation Pointed by nickm during the review of #32709. Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/feature/hs/hs_cell.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index 680897cf9..021a41825 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -776,6 +776,12 @@ get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data, * in the cell is at the end of the encrypted section. */ { uint8_t mac[DIGEST256_LEN]; + + /* Make sure we are now about to underflow. */ + if (encrypted_section_len < sizeof(mac)) { + goto err; + } + /* The MAC field is at the very end of the ENCRYPTED section. */ size_t mac_offset = encrypted_section_len - sizeof(mac); /* Compute the MAC. Use the entire encoded payload with a length up to the @@ -785,7 +791,7 @@ get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data, encrypted_section, encrypted_section_len, intro_keys->mac_key, sizeof(intro_keys->mac_key), mac, sizeof(mac)); - if (tor_memcmp(mac, encrypted_section + mac_offset, sizeof(mac))) { + if (tor_memneq(mac, encrypted_section + mac_offset, sizeof(mac))) { log_info(LD_REND, "Invalid MAC validation for INTRODUCE2 cell"); goto err; }

1 0

[tor/master] hs-v3: Implement hs_ob_service_is_instance()
by nickm＠torproject.org 24 Feb '20

24 Feb '20

commit faada6af8d77eee40499be06acfab80d0ffac97f Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Jan 14 12:54:56 2020 -0500 hs-v3: Implement hs_ob_service_is_instance() Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/feature/hs/hs_cell.c | 2 +- src/feature/hs/hs_ob.c | 18 ++++++++++++++++++ src/feature/hs/hs_ob.h | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index 021a41825..aabc55859 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -916,7 +916,7 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, * file. This is because the master identity key and the blinded key is put * in the INTRODUCE2 cell by the client thus it will never validate with * this instance default public key. */ - if (service->config.ob_master_pubkeys) { + if (hs_ob_service_is_instance(service)) { intro_keys = get_intro2_keys_as_ob(&service->config, data, encrypted_section, encrypted_section_len); diff --git a/src/feature/hs/hs_ob.c b/src/feature/hs/hs_ob.c index 7e84af3d9..62db3bd43 100644 --- a/src/feature/hs/hs_ob.c +++ b/src/feature/hs/hs_ob.c @@ -193,6 +193,24 @@ build_subcredential(const ed25519_public_key_t *pkey, uint64_t tp, * Public API. */ +/** Return true iff the given service is configured as an onion balance + * instance. To satisfy that condition, there must at least be one master + * ed25519 public key configured. */ +bool +hs_ob_service_is_instance(const hs_service_t *service) +{ + if (BUG(service == NULL)) { + return false; + } + + /* No list, we are not an instance. */ + if (!service->config.ob_master_pubkeys) { + return false; + } + + return smartlist_len(service->config.ob_master_pubkeys) > 0; +} + /** Read and parse the config file at fname on disk. The service config object * is populated with the options if any. * diff --git a/src/feature/hs/hs_ob.h b/src/feature/hs/hs_ob.h index 8ad6aabc4..fea6a737d 100644 --- a/src/feature/hs/hs_ob.h +++ b/src/feature/hs/hs_ob.h @@ -11,6 +11,8 @@ #include "hs_service.h" +bool hs_ob_service_is_instance(const hs_service_t *service); + int hs_ob_parse_config_file(hs_service_config_t *config); size_t hs_ob_get_subcredentials(const hs_service_config_t *config,

1 0