diff options
| author | Nick Mathewson <nickm@torproject.org> | 2008-02-08 21:13:12 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2008-02-08 21:13:12 +0000 |
| commit | de827f89df460e5920239a14addd1dd264b76bb5 (patch) | |
| tree | 9e3dd40f12b8c6847c433fcfb53080bd5b00ac26 | |
| parent | 809227a121136d4c48ea09ad96aef5ecb9eb15eb (diff) | |
| download | tor-de827f89df460e5920239a14addd1dd264b76bb5.tar tor-de827f89df460e5920239a14addd1dd264b76bb5.tar.gz | |
r14062@tombo: nickm | 2008-02-08 15:17:07 -0500
Change DNs in x509 certificates to be harder to fingerprint. Raise common code. Refactor random hostname generation into crypto.c
svn:r13429
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | doc/TODO | 1 | ||||
| -rw-r--r-- | src/common/crypto.c | 31 | ||||
| -rw-r--r-- | src/common/crypto.h | 3 | ||||
| -rw-r--r-- | src/common/tortls.c | 57 | ||||
| -rw-r--r-- | src/common/tortls.h | 3 | ||||
| -rw-r--r-- | src/or/dns.c | 16 | ||||
| -rw-r--r-- | src/or/main.c | 3 | ||||
| -rw-r--r-- | src/or/router.c | 7 |
9 files changed, 74 insertions, 49 deletions
@@ -18,6 +18,8 @@ Changes in version 0.2.0.19-alpha - 2008-02-?? o Minor features (security): - Be slightly more paranoid about overwriting sensitive memory on free, as a defensive programming tactic to ensure forward secrecy. + - Do not include recognizeable strings in the commonname part of + Tor's x509 certificates. o Deprecated features (controller): - The status/version/num-versioning and status/version/num-concurring @@ -75,6 +75,7 @@ N - Before the feature freeze: cert, they adust the client ID. o Detect. o Adjust. + o Better cname and organizationName generation. . New revised handshake: post-TLS: o start by sending VERSIONS cells o once we have a version, send a netinfo and become open diff --git a/src/common/crypto.c b/src/common/crypto.c index 6f640b284..01e32524c 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1768,6 +1768,37 @@ crypto_rand_uint64(uint64_t max) } } +/** Generate and return a new random hostname starting with prefix, ending + * with suffix, and containing between min_rand_len and max_rand_len random + * base32 characters between. */ +char * +crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix, + const char *suffix) +{ + char *result, *rand_bytes; + int randlen, resultlen, rand_bytes_len, prefixlen; + + tor_assert(max_rand_len >= min_rand_len); + randlen = min_rand_len + crypto_rand_int(max_rand_len - min_rand_len + 1); + prefixlen = strlen(prefix); + resultlen = prefixlen + strlen(suffix) + randlen + 16; + + rand_bytes_len = ((randlen*5)+7)/8; + if (rand_bytes_len % 5) + rand_bytes_len += 5 - (rand_bytes_len%5); + rand_bytes = tor_malloc(rand_bytes_len); + crypto_rand(rand_bytes, rand_bytes_len); + + result = tor_malloc(resultlen); + memcpy(result, prefix, prefixlen); + base32_encode(result+prefixlen, resultlen-prefixlen, + rand_bytes, rand_bytes_len); + tor_free(rand_bytes); + strlcpy(result+prefixlen+randlen, suffix, resultlen-(prefixlen+randlen)); + + return result; +} + /** Return a randomly chosen element of sl; or NULL if sl is empty. */ void * diff --git a/src/common/crypto.h b/src/common/crypto.h index e02e3df32..aa5cf920c 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -171,6 +171,9 @@ int crypto_rand(char *to, size_t n); int crypto_rand_int(unsigned int max); uint64_t crypto_rand_uint64(uint64_t max); +char *crypto_random_hostname(int min_rand_len, int max_rand_len, + const char *prefix, const char *suffix); + struct smartlist_t; void *smartlist_choose(const struct smartlist_t *sl); void smartlist_shuffle(struct smartlist_t *sl); diff --git a/src/common/tortls.c b/src/common/tortls.c index 78c8bcaa2..eab3cac07 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -322,6 +322,24 @@ always_accept_verify_cb(int preverify_ok, return 1; } +/** Return a newly allocated X509 name with commonName <b>cname</b> */ +static X509_NAME * +tor_x509_name_new(const char *cname) +{ + int nid; + X509_NAME *name; + if (!(name = X509_NAME_new())) + return NULL; + if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; + if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, + (unsigned char*)cname, -1, -1, 0))) + goto error; + return name; + error: + X509_NAME_free(name); + return NULL; +} + /** Generate and sign an X509 certificate with the public key <b>rsa</b>, * signed by the private key <b>rsa_sign</b>. The commonName of the * certificate will be <b>cname</b>; the commonName of the issuer will be @@ -340,7 +358,6 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa, EVP_PKEY *sign_pkey = NULL, *pkey=NULL; X509 *x509 = NULL; X509_NAME *name = NULL, *name_issuer=NULL; - int nid; tor_tls_init(); @@ -361,30 +378,11 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa, if (!(ASN1_INTEGER_set(X509_get_serialNumber(x509), (long)start_time))) goto error; - if (!(name = X509_NAME_new())) - goto error; - if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) - goto error; - if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, - (unsigned char*)"t o r", -1, -1, 0))) - goto error; - if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; - if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, - (unsigned char*)cname, -1, -1, 0))) + if (!(name = tor_x509_name_new(cname))) goto error; if (!(X509_set_subject_name(x509, name))) goto error; - - if (!(name_issuer = X509_NAME_new())) - goto error; - if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) - goto error; - if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC, - (unsigned char*)"t o r", -1, -1, 0))) - goto error; - if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; - if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC, - (unsigned char*)cname_sign, -1, -1, 0))) + if (!(name_issuer = tor_x509_name_new(cname_sign))) goto error; if (!(X509_set_issuer_name(x509, name_issuer))) goto error; @@ -509,20 +507,19 @@ tor_tls_context_incref(tor_tls_context_t *ctx) * the new SSL context. */ int -tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname, - unsigned int key_lifetime) +tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) { crypto_pk_env_t *rsa = NULL; crypto_dh_env_t *dh = NULL; EVP_PKEY *pkey = NULL; tor_tls_context_t *result = NULL; X509 *cert = NULL, *idcert = NULL; - char nn2[128]; - if (!nickname) - nickname = "null"; - tor_snprintf(nn2, sizeof(nn2), "%s <signing>", nickname); + char *nickname = NULL, *nn2 = NULL; tor_tls_init(); + nickname = crypto_random_hostname(8, 20, "www.", ".net"); + nn2 = crypto_random_hostname(8, 20, "www.", ".net"); + log_notice(LD_NET, "<%s> <%s>", nickname, nn2); /* Generate short-term RSA key. */ if (!(rsa = crypto_new_pk_env())) @@ -594,10 +591,14 @@ tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname, global_tls_context = result; if (rsa) crypto_free_pk_env(rsa); + tor_free(nickname); + tor_free(nn2); return 0; error: tls_log_errors(LOG_WARN, "creating TLS context"); + tor_free(nickname); + tor_free(nn2); if (pkey) EVP_PKEY_free(pkey); if (rsa) diff --git a/src/common/tortls.h b/src/common/tortls.h index f18f7137d..a41f4dfb2 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -47,8 +47,7 @@ typedef struct tor_tls_t tor_tls_t; const char *tor_tls_err_to_string(int err); void tor_tls_free_all(void); -int tor_tls_context_new(crypto_pk_env_t *rsa, - const char *nickname, unsigned int key_lifetime); +int tor_tls_context_new(crypto_pk_env_t *rsa, unsigned int key_lifetime); tor_tls_t *tor_tls_new(int sock, int is_server); void tor_tls_set_renegotiate_callback(tor_tls_t *tls, void (*cb)(tor_tls_t *, void *arg), diff --git a/src/or/dns.c b/src/or/dns.c index 78faaf70d..0efe286ce 100644 --- a/src/or/dns.c +++ b/src/or/dns.c @@ -1418,22 +1418,14 @@ evdns_wildcard_check_callback(int result, char type, int count, int ttl, static void launch_wildcard_check(int min_len, int max_len, const char *suffix) { - char random_bytes[20], name[64], *addr; - size_t len; + char *addr; int r; - len = min_len + crypto_rand_int(max_len-min_len+1); - if (crypto_rand(random_bytes, sizeof(random_bytes)) < 0) - return; - base32_encode(name, sizeof(name), random_bytes, sizeof(random_bytes)); - name[len] = '\0'; - strlcat(name, suffix, sizeof(name)); - + addr = crypto_random_hostname(min_len, max_len, "", suffix); log_info(LD_EXIT, "Testing whether our DNS server is hijacking nonexistent " - "domains with request for bogus hostname \"%s\"", name); + "domains with request for bogus hostname \"%s\"", addr); - addr = tor_strdup(name); - r = evdns_resolve_ipv4(name, DNS_QUERY_NO_SEARCH, + r = evdns_resolve_ipv4(addr, DNS_QUERY_NO_SEARCH, evdns_wildcard_check_callback, addr); if (r) tor_free(addr); diff --git a/src/or/main.c b/src/or/main.c index 293f07c41..53d8adad3 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -886,8 +886,7 @@ run_scheduled_events(time_t now) last_rotated_x509_certificate = now; if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) { log_info(LD_GENERAL,"Rotating tls context."); - if (tor_tls_context_new(get_identity_key(), options->Nickname, - MAX_SSL_KEY_LIFETIME) < 0) { + if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) { log_warn(LD_BUG, "Error reinitializing TLS context"); /* XXX is it a bug here, that we just keep going? -RD */ } diff --git a/src/or/router.c b/src/or/router.c index e9e78d9e0..6388d244e 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -403,9 +403,7 @@ init_keys(void) } set_identity_key(prkey); /* Create a TLS context; default the client nickname to "client". */ - if (tor_tls_context_new(get_identity_key(), - options->Nickname ? options->Nickname : "client", - MAX_SSL_KEY_LIFETIME) < 0) { + if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) { log_err(LD_GENERAL,"Error creating TLS context for Tor client."); return -1; } @@ -483,8 +481,7 @@ init_keys(void) tor_free(keydir); /* 3. Initialize link key and TLS context. */ - if (tor_tls_context_new(get_identity_key(), options->Nickname, - MAX_SSL_KEY_LIFETIME) < 0) { + if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) { log_err(LD_GENERAL,"Error initializing TLS context"); return -1; } |