1. 21 Aug, 2017 1 commit
  2. 09 Aug, 2017 1 commit
  3. 13 Jul, 2017 1 commit
    • David Goulet's avatar
      prop224: Add hs_config.{c|h} with a refactoring · 02e2edeb
      David Goulet authored
      Add the hs_config.{c|h} files contains everything that the HS subsystem needs
      to load and configure services. Ultimately, it should also contain client
      functions such as client authorization.
      This comes with a big refactoring of rend_config_services() which has now
      changed to only configure a single service and it is stripped down of the
      common directives which are now part of the generic handler.
      This is ground work for prop224 of course but only touches version 2 services
      and add XXX note for version 3.
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
  4. 07 Jul, 2017 3 commits
    • George Kadianakis's avatar
      test: Introduce hs_client_note_connection_attempt_succeeded(). · 9ff5613a
      George Kadianakis authored and Nick Mathewson's avatar Nick Mathewson committed
      This commit paves the way for the e2e circuit unittests.
      Add a stub for the prop224 equivalent of rend_client_note_connection_attempt_ended().
      That function was needed for tests, since the legacy function would get
      called when we attach streams and our client-side tests would crash with
      assert failures on rend_data.
      This also introduces hs_client.[ch] to the codebase.
    • David Goulet's avatar
      prop224: Introduce e2e rendezvous circuit code. · 0cb66fc9
      David Goulet authored and Nick Mathewson's avatar Nick Mathewson committed
      This commit adds most of the work of #21859. It introduces hs_circuit.c
      functions that can handle the setup of e2e circuits for prop224 hidden
      services, and also for legacy hidden service clients. Entry points are:
      		prop224 circuits: hs_circuit_setup_e2e_rend_circ()
      		legacy client-side circuits: hs_circuit_setup_e2e_rend_circ_legacy_client()
      This commit swaps the old rendclient code to use the new API.
      I didn't try to accomodate the legacy service-side code in this API, since
      that's too tangled up and it would mess up the new API considerably IMO (all
      this service_pending_final_cpath_ref stuff is complicated and I didn't want to
      change it).
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
    • David Goulet's avatar
      prop224: Add connection and circuit identifier object · f8dc1164
      David Goulet authored and Nick Mathewson's avatar Nick Mathewson committed
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
  5. 08 May, 2017 1 commit
    • Mike Perry's avatar
      Netflow record collapsing defense. · b0e92634
      Mike Perry authored and Nick Mathewson's avatar Nick Mathewson committed
      This defense will cause Cisco, Juniper, Fortinet, and other routers operating
      in the default configuration to collapse netflow records that would normally
      be split due to the 15 second flow idle timeout.
      Collapsing these records should greatly reduce the utility of default netflow
      data for correlation attacks, since all client-side records should become 30
      minute chunks of total bytes sent/received, rather than creating multiple
      separate records for every webpage load/ssh command interaction/XMPP chat/whatever
      else happens to be inactive for more than 15 seconds.
      The defense adds consensus parameters to govern the range of timeout values
      for sending padding packets, as well as for keeping connections open.
      The defense only sends padding when connections are otherwise inactive, and it
      does not pad connections used solely for directory traffic at all. By default
      it also doesn't pad inter-relay connections.
      Statistics on the total padding in the last 24 hours are exported to the
      extra-info descriptors.
  6. 29 Apr, 2017 1 commit
    • Sebastian Hahn's avatar
      Add --enable-rust configure switch · 915fa39d
      Sebastian Hahn authored
      Introduce a way to optionally enable Rust integration for our builds. No
      actual Rust code is added yet and specifying the flag has no effect
      other than failing the build if rustc and cargo are unavailable.
  7. 25 Apr, 2017 3 commits
  8. 24 Apr, 2017 1 commit
    • Nick Mathewson's avatar
      Add a "Consensus diff manager" module. · bc91808c
      Nick Mathewson authored
      This module's job is to remember old consensus documents, to
      calculate their diffs on demand, and to .
      There are some incomplete points in this code; I've marked them with
      "XXXX". I intend to fix them in separate commits, since I believe
      doing it in separate commits will make the branch easier to review.
  9. 13 Apr, 2017 1 commit
  10. 06 Apr, 2017 1 commit
  11. 16 Mar, 2017 1 commit
  12. 14 Dec, 2016 1 commit
  13. 05 Dec, 2016 1 commit
  14. 30 Nov, 2016 1 commit
    • Nick Mathewson's avatar
      Split bridge functions into a new module. · 8da24c99
      Nick Mathewson authored
      This patch is just:
         * Code movement
         * Adding headers here and there as needed
         * Adding a bridges_free_all() with a call to it.
      It breaks compilation, since the bridge code needed to make exactly
      2 calls into entrynodes.c internals.  I'll fix those in the next
  15. 04 Nov, 2016 4 commits
  16. 26 Sep, 2016 1 commit
  17. 04 Jul, 2016 2 commits
  18. 20 Jun, 2016 1 commit
  19. 12 May, 2016 1 commit
    • Nick Mathewson's avatar
      Add -ftrapv to gcc-hardening ... mostly! · ce854a8d
      Nick Mathewson authored
      We know there are overflows in curve25519-donna-c32, so we'll have
      to have that one be fwrapv.
      Only apply the asan, ubsan, and trapv options to the code that does
      not need to run in constant time.  Those options introduce branches
      to the code they instrument.
      (These introduced branches should never actually be taken, so it
      might _still_ be constant time after all, but branch predictors are
      complicated enough that I'm not really confident here. Let's aim for
      Closes 17983.
  20. 08 Jan, 2016 1 commit
  21. 26 Dec, 2015 1 commit
  22. 19 Dec, 2015 1 commit
    • Yawning Angel's avatar
      Add the SHA-3 hash functions to common/crypto.h. · 687f9b3b
      Yawning Angel authored
       * DIGEST_SHA3_[256,512] added as supported algorithms, which do
         exactly what is said on the tin.
       * test/bench now benchmarks all of the supported digest algorithms,
         so it's possible to see just how slow SHA-3 is, though the message
         sizes could probably use tweaking since this is very dependent on
         the message size vs the SHA-3 rate.
  23. 15 Dec, 2015 1 commit
    • teor's avatar
      Add Fallback Directory Candidate Selection Script · 4c1c2a31
      teor authored
      "Tor has included a feature to fetch the initial consensus from nodes
       other than the authorities for a while now. We just haven't shipped a
       list of alternate locations for clients to go to yet.
       Reasons why we might want to ship tor with a list of additional places
       where clients can find the consensus is that it makes authority
       reachability and BW less important.
       We want them to have been around and using their current key, address,
       and port for a while now (120 days), and have been running, a guard,
       and a v2 directory mirror for most of that time."
      * whitelist and blacklist for an opt-in/opt-out trial.
      * excludes BadExits, tor versions that aren't recommended, and low
        consensus weight directory mirrors.
      * reduces the weighting of Exits to avoid overloading them.
      * places limits on the weight of any one fallback.
      * includes an IPv6 address and orport for each FallbackDir, as
        implemented in #17327. (Tor won't bootstrap using IPv6 fallbacks
        until #17840 is merged.)
      * generated output includes timestamps & Onionoo URL for traceability.
      * unit test ensures that we successfully load all included default
        fallback directories.
      Closes ticket #15775. Patch by "teor".
      OnionOO script by "weasel", "teor", "gsathya", and "karsten".
  24. 14 Dec, 2015 1 commit
  25. 13 Nov, 2015 1 commit
  26. 29 Sep, 2015 1 commit
  27. 02 Sep, 2015 1 commit
  28. 21 Aug, 2015 1 commit
  29. 18 Aug, 2015 1 commit
  30. 18 Jun, 2015 1 commit
    • David Goulet's avatar
      Add rendcache.{c|h} · 33b1a33c
      David Goulet authored
      For now, rend_cache_entry_t has been moved from or.h to rendcache.h and
      those files have been added to the build system.
      In the next commit, these will contain hidden service descriptor cache ABI
      and API for both client and directory side. The goal is to consolidate the
      descriptor caches in one location to ease development, maintenance, review
      and improve documentation for each cache behavior and algorithm.
      Signed-off-by: default avatarDavid Goulet <dgoulet@ev0ke.net>
  31. 28 May, 2015 2 commits
    • Nick Mathewson's avatar
      Refactor code that matches up routers with the same identity in votes · 6c564e6c
      Nick Mathewson authored
      This makes 'routerstatus collation' into a first-class concept, so
      we can change how that works for prop220.
    • Nick Mathewson's avatar
      Key-pinning back-end for directory authorities. · eacbe03c
      Nick Mathewson authored
      This module implements a key-pinning mechanism to ensure that it's
      safe to use RSA keys as identitifers even as we migrate to Ed25519
      keys.  It remembers, for every Ed25519 key we've seen, what the
      associated Ed25519 key is.  This way, if we see a different Ed25519
      key with that RSA key, we'll know that there's a mismatch.
      We persist these entries to disk using a simple format, where each
      line has a base64-encoded RSA SHA1 hash, then a base64-endoded
      Ed25519 key.  Empty lines, misformed lines, and lines beginning with
      a # are ignored. Lines beginning with @ are reserved for future