| Commit message | Author | Age |
* | whitespace fix | Nick Mathewson | 2013-02-07 |
* | Tolerate curve25519 backends where the high bit of the pk isn't ignored•••Right now, all our curve25519 backends ignore the high bit of the
public key. But possibly, others could treat the high bit of the
public key as encoding out-of-bounds values, or as something to be
preserved. This could be used to distinguish clients with different
backends, at the cost of killing a circuit.
As a workaround, let's just clear the high bit of each public key
indiscriminately before we use it. Fix for bug 8121, reported by
rransom. Bugfix on 0.2.4.8-alpha.
| Nick Mathewson | 2013-02-07 |
* | Update the copyright date to 201. | Nick Mathewson | 2013-01-16 |
* | Make the = at the end of ntor-onion-key optional.•••Makes bug 7869 more easily fixable if we ever choose to do so.
| Nick Mathewson | 2013-01-05 |
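Added example, not Tor's own code, illustrating the two commits above: why clearing bit 255 of a curve25519 public key before use removes a backend-dependent difference that a remote peer could otherwise observe, and parsing an ntor-onion-key whose trailing '=' is optional. It is Python rather than Tor's C so it runs stand-alone. The ladder, clamping and test vectors are from RFC 7748 (the RFC mandates masking bit 255 of the received u-coordinate); the "preserving" backend is a hypothetical one constructed here to show what a non-masking implementation would compute. Since 2^255 = p + 19, feeding the unmasked value to the ladder is the same as using u + 19 (mod p), which yields a different shared secret, so the two backends disagree on exactly the keys the commit describes.

```python
"""Added example (not Tor's code): the curve25519 high-bit workaround and
ntor-onion-key base64 handling. Ladder and clamping follow RFC 7748;
"preserving" is a hypothetical backend that does not mask bit 255."""
import base64

P = 2**255 - 19          # field prime
A24 = 121665             # (A - 2) / 4 for curve25519
BASEPOINT = (9).to_bytes(32, "little")

# RFC 7748 section 6.1 test vectors (copied from the RFC).
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PK = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_SK = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PK = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")


def _clamp(sk: bytes) -> int:
    """Scalar clamping (RFC 7748 section 5)."""
    k = bytearray(sk)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _ladder(k: int, u: int) -> int:
    """Montgomery ladder from RFC 7748 section 5. Not constant-time: the
    conditional swaps are plain branches, which is fine for a demonstration."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P - 2, P) % P


def x25519_masking(sk: bytes, pk: bytes) -> bytes:
    """RFC 7748 behaviour: bit 255 of the peer's u-coordinate is ignored."""
    u = int.from_bytes(pk, "little") & ((1 << 255) - 1)
    return _ladder(_clamp(sk), u).to_bytes(32, "little")


def x25519_preserving(sk: bytes, pk: bytes) -> bytes:
    """Hypothetical backend that feeds all 256 bits into the ladder. A set
    bit 255 adds 2**255 = p + 19, so the ladder effectively runs on u + 19
    (mod p) and returns a different shared secret."""
    u = int.from_bytes(pk, "little")
    return _ladder(_clamp(sk), u).to_bytes(32, "little")


def clear_high_bit(pk: bytes) -> bytes:
    """The workaround from the commit: clear bit 255 before any backend sees the key."""
    out = bytearray(pk)
    out[31] &= 0x7F
    return bytes(out)


def encode_ntor_onion_key(pk: bytes) -> str:
    """32 bytes -> 43 base64 characters; the trailing '=' is left off here,
    which the commit above makes acceptable on input."""
    return base64.b64encode(pk).decode("ascii").rstrip("=")


def decode_ntor_onion_key(text: str) -> bytes:
    """Accept the key with or without the trailing '='; reject anything else."""
    body = text.strip().rstrip("=")
    if len(body) != 43:
        raise ValueError("ntor-onion-key must be 43 base64 characters plus optional '='")
    return base64.b64decode(body + "=", validate=True)


def demo() -> dict:
    """Both backends on Bob's key with bit 255 set (constructed here), with and
    without the workaround."""
    bob_pk_hi = BOB_PK[:31] + bytes([BOB_PK[31] | 0x80])
    return {
        "masking_same": x25519_masking(ALICE_SK, bob_pk_hi) == SHARED,
        "preserving_same": x25519_preserving(ALICE_SK, bob_pk_hi) == SHARED,
        "after_workaround": x25519_preserving(ALICE_SK, clear_high_bit(bob_pk_hi)) == SHARED,
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() gives masking_same True, preserving_same False and after_workaround True: without the workaround a client whose backend masks would complete the handshake on such a key while one whose backend preserves the bit would fail it, which is the one-bit fingerprint (at the cost of a circuit) the commit closes. The same 43-character form without '=' applies to any 32-byte value Tor writes in base64.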
* | Whoops; make that unit test actually pass :/ | Nick Mathewson | 2013-01-03 |
* | Add a unit test for the curve25519 keypair persistence functions | Nick Mathewson | 2013-01-03 |
* | Merge branch 'ntor-resquashed'•••Conflicts:
src/or/cpuworker.c
src/or/or.h
src/test/bench.c
| Nick Mathewson | 2013-01-03 |
|\ |
|
| * | Refactor strong os-RNG into its own function•••Previously, we only used the strong OS entropy source as part of
seeding OpenSSL's RNG. But with curve25519, we'll have occasion to
want to generate some keys using extremely-good entropy, as well as the
means to do so. So let's!
This patch refactors the OS-entropy wrapper into its own
crypto_strongest_rand() function, and makes our new
curve25519_secret_key_generate function try it as appropriate.
| Nick Mathewson | 2013-01-02 |
| * | Add a wrapper around, and test and build support for, curve25519.•••We want to use donna-c64 when we have a GCC with support for
64x64->uint128_t multiplying. If not, we want to use libnacl if we
can, unless it's giving us the unsafe "ref" implementation. And if
that isn't going to work, we'd like to use the
portable-and-safe-but-slow 32-bit "donna" implementation.
We might need more library searching for the correct libnacl,
especially once the next libnacl release is out -- it's likely to have
bunches of better curve25519 implementations.
I also define a set of curve25519 wrapper functions, though it really
shouldn't be necessary.
We should eventually make the -donna*.c files get built with
-fomit-frame-pointer, since that can make a difference.
| Nick Mathewson | 2013-01-02 |
| * | Add a unit test for the old KDF while we're at it | Nick Mathewson | 2012-12-06 |
| * | Implement HKDF from RFC5869•••This is a customizable extract-and-expand HMAC-KDF for deriving keys.
It derives from RFC5869, which derives its rationale from Krawczyk,
H., "Cryptographic Extraction and Key Derivation: The HKDF Scheme",
Proceedings of CRYPTO 2010, 2010, <http://eprint.iacr.org/2010/264>.
I'm also renaming the existing KDF, now that Tor has two of them.
This is the key derivation scheme specified in ntor.
There are also unit tests.
| Nick Mathewson | 2012-12-06 |
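Added example, not the Tor project's code: the RFC 5869 extract-and-expand construction the commit above implements, written in Python on the standard library's HMAC so it runs stand-alone, and checked against the RFC's own appendix A test vectors. The ntor wrapper at the end uses the salt and info strings from the ntor handshake specification; treat those two constants as an assumption to verify against tor-spec before relying on them.

```python
"""Added example (not Tor's code): RFC 5869 HKDF with hashlib/hmac,
verified against the RFC's test vectors; ntor strings assumed from tor-spec."""
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """PRK = HMAC-Hash(salt, IKM). An empty salt means HashLen zero bytes."""
    hash_len = hashlib.new(hash_name).digest_size
    if not salt:
        salt = bytes(hash_len)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """OKM = T(1) | T(2) | ... with T(i) = HMAC-Hash(PRK, T(i-1) | info | i).
    The one-byte counter caps the output at 255 * HashLen bytes."""
    hash_len = hashlib.new(hash_name).digest_size
    if not 0 <= length <= 255 * hash_len:
        raise ValueError("HKDF output length must be at most 255 * HashLen")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """Extract then expand, the combined form RFC 5869 describes."""
    return hkdf_expand(hkdf_extract(salt, ikm, hash_name), info, length, hash_name)


# ntor's use of HKDF-SHA256; both strings are assumed from tor-spec.
NTOR_T_KEY = b"ntor-curve25519-sha256-1:key_extract"
NTOR_M_EXPAND = b"ntor-curve25519-sha256-1:key_expand"


def ntor_key_material(secret_input: bytes, length: int) -> bytes:
    """KEY_SEED = HMAC-SHA256(t_key, secret_input); keys = expand(KEY_SEED, m_expand)."""
    return hkdf(NTOR_T_KEY, secret_input, NTOR_M_EXPAND, length)


def rfc5869_vectors_pass() -> bool:
    """Test cases 1 and 3 from RFC 5869 appendix A (values copied from the RFC)."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    case1_prk = "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
    case1_okm = ("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                 "34007208d5b887185865")
    case3_okm = ("8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d"
                 "9d201395faa4b61a96c8")
    return (hkdf_extract(salt, ikm).hex() == case1_prk
            and hkdf(salt, ikm, info, 42).hex() == case1_okm
            and hkdf(b"", ikm, b"", 42).hex() == case3_okm)


if __name__ == "__main__":
    print("RFC 5869 vectors:", "ok" if rfc5869_vectors_pass() else "MISMATCH")
```

The length cap matters in practice: a caller asking for more than 255 * HashLen bytes would otherwise wrap the counter and start repeating key material, so the check belongs in the KDF rather than in each caller.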
* | | In the unit tests, use "test_eq_ptr" and "test_neq_ptr" consistently•••This is part of what's needed to build without warnings on mingw64:
it was warning about the cast from void* to long that happened in
the places we were using test_{n,}eq on pointers.
The alternative here would have been to broaden tt_int_op to accept
a long long or an intptr_t, but that's less correct (since pointers
aren't integers), and would hurt the portability of tinytest a
little.
Fixes part of 7260.
| Nick Mathewson | 2012-11-02 |
|/ |
|
* | Add unit test for crypto_pk_cmp_keys and NULL | Nick Mathewson | 2012-09-17 |
* | Update copyright dates to 2012; add a few missing copyright statements | Nick Mathewson | 2012-06-04 |
* | Refactor the API for setting up a block cipher.•••It allows us more flexibility on the backend if the user needs to
specify the key and IV at setup time.
| Nick Mathewson | 2012-03-27 |
* | Remove support for PK_NO_PADDING in crypto_pk_public_hybrid_encrypt•••We never use it, and it would be a stupid thing if we started using it.
| Nick Mathewson | 2012-03-27 |
* | Rename nonconformant identifiers.•••Fixes bug 4893.
These changes are purely mechanical, and were generated with this
perl script:
#!/usr/bin/perl -w -i.bak -p
s/crypto_pk_env_t/crypto_pk_t/g;
s/crypto_dh_env_t/crypto_dh_t/g;
s/crypto_cipher_env_t/crypto_cipher_t/g;
s/crypto_digest_env_t/crypto_digest_t/g;
s/aes_free_cipher/aes_cipher_free/g;
s/crypto_free_cipher_env/crypto_cipher_free/g;
s/crypto_free_digest_env/crypto_digest_free/g;
s/crypto_free_pk_env/crypto_pk_free/g;
s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;
s/crypto_new_cipher_env/crypto_cipher_new/g;
s/crypto_new_digest_env/crypto_digest_new/g;
s/crypto_new_digest256_env/crypto_digest256_new/g;
s/crypto_new_pk_env/crypto_pk_new/g;
s/crypto_create_crypto_env/crypto_cipher_new/g;
s/connection_create_listener/connection_listener_new/g;
s/smartlist_create/smartlist_new/g;
s/transport_create/transport_new/g;
| Nick Mathewson | 2012-01-18 |
* | Test for broken counter-mode at runtime•••To solve bug 4779, we want to avoid OpenSSL 1.0.0's counter mode.
But Fedora (and maybe others) lie about the actual OpenSSL version,
so we can't trust the header to tell us if it's safe.
Instead, let's do a run-time test to see whether it's safe, and if
not, use our built-in version.
fermenthor contributed a pretty essential fixup to this patch. Thanks!
| Nick Mathewson | 2012-01-10 |
* | Make AES unit tests cover the AES and the EVP case. | Nick Mathewson | 2011-11-25 |
* | Add a sha256 hmac function, with tests | Nick Mathewson | 2011-10-10 |
* | Prefer tt_assert in unit tests, not tor_assert | Nick Mathewson | 2011-06-08 |
* | Reject 128-byte keys that are not 1024-bit•••When we added the check for key size, we required that the keys be
128 bytes. But RSA_size (which defers to BN_num_bytes) will return
128 for keys of length 1017..1024. This patch adds a new
crypto_pk_num_bits() that returns the actual number of significant
bits in the modulus, and uses that to enforce key sizes.
Also, credit the original bug3318 in the changes file.
| Nick Mathewson | 2011-06-03 |
* | Fix GCC 4.6's new -Wunused-but-set-variable warnings.•••Most instances were dead code; for those, I removed the assignments.
Some were pieces of info we don't currently plan to use, but which
we might in the future. For those, I added an explicit cast-to-void
to indicate that we know that the thing's unused. Finally, one was
a case where we were testing the wrong variable in a unit test.
That one I fixed.
This resolves bug 3208.
| Nick Mathewson | 2011-05-23 |
* | Clean up whitespace | Nick Mathewson | 2011-03-16 |
* | Make the DH parameter we use for TLS match the one from Apache's mod_ssl•••Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
| Nick Mathewson | 2011-01-24 |
* | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2•••Conflicts:
src/or/config.c
src/or/networkstatus.c
src/or/rendcommon.c
src/or/routerparse.c
src/or/test.c
| Nick Mathewson | 2011-01-15 |
* | Bump copyright statements to 2011 (0.2.2) | Nick Mathewson | 2011-01-03 |
* | Add a function to return a double in range [0,1). | Nick Mathewson | 2010-06-22 |
* | Update copyright dates for files not in maint-0.2.1 | Nick Mathewson | 2010-02-27 |
* | Fix CID 409: check return value of base64_encode in tests | Nick Mathewson | 2009-10-26 |
* | Reduce log level for someone else sending us weak DH keys.•••See task 1114. The most plausible explanation for someone sending us weak
DH keys is that they experiment with their Tor code or implement a new Tor
client. Usually, we don't care about such events, especially not on warn
level. If we really care about someone not following the Tor protocol, we
can set ProtocolWarnings to 1.
| Karsten Loesing | 2009-10-25 |
* | Support for encoding and decoding 256-bit digests in base64 | Nick Mathewson | 2009-10-15 |
* | Improved fix for test_memeq_hex leak.•••The earlier fix would only handle the success case. In the failing
case, test_mem_op does a goto done, which would leave the leak leaking.
| Nick Mathewson | 2009-09-27 |
* | Split crypto tests into a separate module. | Nick Mathewson | 2009-09-23 |