RPC: Implement cookie authentication (!2702) · Merge requests · The Tor Project / Core / Arti

Merged Nick Mathewson requested to merge nickm/arti:rpc-cookie into main 2 months ago

Jan 15, 2025
- rpc: Expose Cookie::load unconditionally. · 86ad28dd
  Nick Mathewson authored 1 month ago
  
  86ad28dd
- arti-rpcserver: require latest tiny-keccak. · b842155b
  Nick Mathewson authored 1 month ago
  
  b842155b
- rpc: Clarify auth-repetition rules. · bdbddede
  Nick Mathewson authored 1 month ago
  
  bdbddede
- rpc: Document cookie messages a little more. · f2398569
  Nick Mathewson authored 1 month ago
  
  f2398569
- rpc: Use symbolic constants for nonce/mac lengths. · 0d9ec038
  Nick Mathewson authored 1 month ago
  
  0d9ec038
- rpc: Tests for cookie nonce/mac encoding/decoding. · 7a1daa02
  Nick Mathewson authored 1 month ago
  
  Also fix a bug in decoding, where we accepted too-short strings.
  7a1daa02
- rpc: Refactor Cookie and UnloadedCookie into a single type. · 6e0f70d0
  Nick Mathewson authored 1 month ago
  
  6e0f70d0
- rpc: Update cbindgen warnings. · 4a1afed1
  Nick Mathewson authored 2 months ago
  
  4a1afed1
- rpc: consolodate naming of "inherent" auth. · c6445825
  Nick Mathewson authored 2 months ago
  
  We don't want to call this "unix path" anywhere, since it corresponds to _any_ case where the ability to negotiate a successful connection means that the client is authorized. We also don't want to call it "none": The authentication is inherent to the connection, not nonexistent.
  c6445825
- rpc: Tweak cookie protocol to bind both nonces. · f3fcd71f
  Nick Mathewson authored 2 months ago
  
  Previously participants in the cookie protocol only bound the peer nonce in their MACs. With this change, they bind both nonces. This change is _probably_ not necessary for security, but it can't hurt. It follows a general principle that Adam Langley told me a long time ago: you won't regret binding more, but you might regret binding less.
  f3fcd71f
- rpc: Keep Cookie in an Arc. · 522b62fc
  Nick Mathewson authored 2 months ago
  
  Since this is a secret value, it's probably best not to copy it all over the place.
  522b62fc
- RPC tests: test that unix sockets still work. · 7ef41295
  Nick Mathewson authored 2 months ago
  
  7ef41295
- RPC tests: use cookie authentication as the default. · 6821f637
  Nick Mathewson authored 2 months ago
  
  (Since Windows doesn't have unix sockets, this is the option that will work everywhere.)
  6821f637
- rpc_tests: rename connpt_path, since we are about to have a second. · d2597b87
  Nick Mathewson authored 2 months ago
  
  d2597b87
- arti-rpc-client-core: Client side of cookie authentication. · 08e9de49
  Nick Mathewson authored 2 months ago
  
  08e9de49
- arti-rpc-client-core: rewrap Cargo.toml · 94b59893
  Nick Mathewson authored 2 months ago
  
  94b59893
- arti-rpcserver: Server side of cookie auth. · a9136cf5
  Nick Mathewson authored 2 months ago
  
  a9136cf5
- arti-rpcserver: Tell connections what kind of auth to expect. · da12b18d
  Nick Mathewson authored 2 months ago
  
  da12b18d
- arti-rpcserver: move inherent authentication to its own module. · b73c5714
  Nick Mathewson authored 2 months ago
  
  b73c5714
- arti-rpcserver: remove some dead code. · 2194c68e
  Nick Mathewson authored 2 months ago
  
  Now that we have a solid idea of how connections happen, it's clear we won't need to enable this negotiation mechanism.
  2194c68e
- tor-rpc-connect: Cryptographic support for cookie auth. · d43de9a6
  Nick Mathewson authored 2 months ago
  
  Conforms to rpc-cookie-sketch.md.
  d43de9a6
- rpc-cookie-sketch: typo fix. · b354b7ae
  Nick Mathewson authored 2 months ago
  
  b354b7ae
- tor-rpc-connect: defer loading auth cookies on the client side. · 53b07935
  Nick Mathewson authored 2 months ago
  
  We want to load cookies only after we've connected and gotten a banner.
  53b07935
- tor-rpc-connect: move cookie auth support to its own module. · 5c70c179
  Nick Mathewson authored 2 months ago
  
  5c70c179

RPC: Implement cookie authentication

Merge request reports

Activity