Age | Commit message | Author
2014-09-25 | Comments and tweaks based on review by asn | Nick Mathewson
Add some documentation. Rename "derive" -> "blind". Check for failure on randombytes().
2014-09-25 | Add benchmarks for ed25519 functions | Nick Mathewson
2014-09-25 | Add comments to ed25519_vectors.inc | Nick Mathewson
2014-09-25 | Cut the time to run the python ed25519 tests by a factor of ~6 | Nick Mathewson
I know it's pointless to optimize them, but I just can't let them spend all that time in expmod() when native python pow() does the same thing.
2014-09-25 | Add a reference implementation of our ed25519 modifications | Nick Mathewson
Also, use it to generate test vectors, and add those test vectors to test_crypto.c. This is based on ed25519.py from the ed25519 webpage; the kludgy hacks are my own.
2014-09-25 | Add the pure-python ed25519 implementation, for testing. | Nick Mathewson
2014-09-25 | More documentation for ed25519 stuff. | Nick Mathewson
2014-09-25 | Fix linux compilation of ed25519_ref10 | Nick Mathewson
Our integer-definition headers apparently suck in a definition for select(2), which interferes with the select() in ge_scalarmult_base.c
2014-09-25 | Draft implementation for ed25519 key blinding, as in prop224 | Nick Mathewson
This implementation allows somebody to add a blinding factor to a secret key, and a corresponding blinding factor to the public key. Robert Ransom came up with this idea, I believe. Nick Hopper proved a scheme like this secure. The bugs are my own.
2014-09-25 | Add curve25519->ed25519 key conversion per proposal 228 | Nick Mathewson
For proposal 228, we need to cross-certify our identity with our curve25519 key, so that we can prove at descriptor-generation time that we own that key. But how can we sign something with a key that is only for doing Diffie-Hellman? By converting it to the corresponding ed25519 point. See the ALL-CAPS warning in the documentation. According to djb (IIUC), it is safe to use these keys in the ways that ntor and prop228 are using them, but it might not be safe if we start providing crazy oracle access. (Unit tests included. What kind of a monster do you take me for?)
2014-09-25 | Support for writing ed25519 public/private components to disk. | Nick Mathewson
This refactors the "== type:tag ==" code from crypto_curve25519.c
2014-09-25 | Add encode/decode functions for ed25519 public keys | Nick Mathewson
2014-09-25 | Restore the operation of extra_strong in ed25519_secret_key_generate | Nick Mathewson
2014-09-25 | Another ed25519 tweak: store secret keys in expanded format | Nick Mathewson
This will be needed/helpful for the key blinding of prop224, I believe.
2014-09-25 | Fix API for ed25519_ref10_open() | Nick Mathewson
This is another case where DJB likes sticking the whole signature prepended to the message, and I don't think that's the hottest idea. The unit tests still pass.
2014-09-25 | Tweak ed25519 ref10 signing interface to use less space. | Nick Mathewson
Unit tests still pass.
2014-09-25 | Tweak ref10 keygen APIs to be more sane. | Nick Mathewson
2014-09-25 | Add Ed25519 support, wrappers, and tests. | Nick Mathewson
Taken from earlier ed25519 branch based on floodyberry's ed25519-donna. Tweaked so that it applies to ref10 instead.
2014-08-26 | ed25519_ref10: use uint64_t and int64_t, not long long | Nick Mathewson
2014-08-26 | Add headers as needed to make ed25519_ref10 compile. | Nick Mathewson
2014-08-26 | Add some explicit casts as needed to make ed25519_ref10 compile | Nick Mathewson
Apparently, ref10 likes implicit conversions from int64 to int32 more than our warnings do.
2014-08-26 | Integrate ed25519_ref10 into our build system. | Nick Mathewson
2014-08-26 | Add the ed25519 ref10 code verbatim from supercop-20140622 | Nick Mathewson
We might use libsodium or ed25519-donna later on, but for now, let's see whether this is fast enough. We should use it in all cases when performance doesn't matter.
2014-08-26 | Merge remote-tracking branch 'public/bug10163' | Nick Mathewson
2014-08-25 | Remove the assigned-but-unused chosen_named_idx local variable | Nick Mathewson
It had been used in consensus method 1. But now that 13 is the minimum (see #10163), we don't need it around. Found by sysrqb.
2014-08-25 | Fix another memory leak case in sandbox.c:prot_strings() | Nick Mathewson
This is related to the rest of 523587a5cf62119baa01822e2e783925726a790b
2014-08-24 | Use the ARRAY_LENGTH macro more consistently. | Nick Mathewson
2014-08-24 | Remove the non-implemented versions of the sandbox _array() functions | Nick Mathewson
2014-08-24 | Whitespace fixes | Nick Mathewson
2014-08-24 | Terser ways to sandbox-allow related filenames | Nick Mathewson
Using the *_array() functions here confused coverity, and was actually a bit longer than we needed. Now we just use macros for the repeated bits, so that we can mention a file and a suffix-appended version in one line.
2014-08-24 | Merge branch 'bug11792_1_squashed' | Nick Mathewson
Conflicts: src/or/circuitlist.c
2014-08-24 | When looking for conns to close, count the age of linked queued data | Nick Mathewson
Specifically, count the age of the data queued in a linked directory connection's buffers when counting a stream's age.
2014-08-24 | Kill non-tunneled directory connections when handling OOM. | Nick Mathewson
Another part of 11792.
2014-08-24 | Count zlib buffer memory towards OOM totals. | Nick Mathewson
Part of 11792. (Uses the zlib-endorsed formula for memory needs for inflate/deflate from "zconf.h".)
2014-08-22 | Tidy status handling in rendservice.c | Nick Mathewson
We had some code to fix up the 'status' return value to -1 on error if it wasn't set, but it was unreachable because our code was correct. Tweak this by initializing status to -1, and then only setting it to 0 on success. Also add a goto which was missing: its absence was harmless. [CID 718614, 718616]
2014-08-21 | Merge branch 'coverity_20140821' | Nick Mathewson
2014-08-21 | fix memory leak on failure in sandbox.c:prot_strings() | Nick Mathewson
[CID 1205014]
2014-08-21 | Store sandbox params as char *, since that's what they are. | Nick Mathewson
This allows coverity to infer that we aren't leaking them. [Fixes a lot of CIDs]
2014-08-21 | Check for duplicate arguments to tor-gencert | Nick Mathewson
Found by coverity, which noticed that if you said tor-gencert -i identity1 -i identity2 we would leak "identity1". [CID 1198201, 1198202, 1198203]
2014-08-21 | Mark one use of networkstatus_check_document_signature as (void) | Nick Mathewson
Also explain why we aren't checking its return value. [CID 1198197]
2014-08-21 | remove meaningless checks for chunks==NULL in dirserv stuff | Nick Mathewson
Also, make it clearer that chunks cannot be NULL [CID 1031750, 1031751]
2014-08-21 | Suppress coverity warning about overflowing in safe_mem_is_zero | Nick Mathewson
The unsigned underflow here is defined and intentional. CID 202482
2014-08-21 | Avoid performing an assert on an always-true value | Nick Mathewson
This was freaking out coverity. [CID 743379]
2014-08-21 | Suppress coverity warning about overflowing in tor_memeq. | Nick Mathewson
The unsigned underflow here is defined and intentional. CID 202482
2014-08-21 | Check return values for fcntl in tor_spawn_background. | Nick Mathewson
[CID 718609]
2014-08-21 | Allow rend_service_intro_free to get called with NULL | Nick Mathewson
(We allowed it previously, but produced an LD_BUG message when it happened, which is not consistent.) Also, remove inconsistent NULL checks before calling rend_service_intro_free. (Removing the check is for CID 718613)
2014-08-21 | Remove a dead check for errmsg in handle_control_authenticate | Nick Mathewson
Coverity doesn't like doing NULL checks on things that can't be NULL; I like checking things where the logic for their not being NULL is nontrivial. Let's compromise, and make it obvious that this field can't be NULL. [Coverity CID 202004]
2014-08-21 | Add a missing goto to an unusable branch and make the branch LD_BUG. | Nick Mathewson
(It's LD_BUG to reach this point because the hashed password values were tested earlier from options_validate) [Coverity CID 1232091]
2014-08-21 | Explicitly cast when dividing ints then implicitly casting to double. | Nick Mathewson
Coverity thinks that when we do "double x = int1/int2;", we probably meant "double x = ((double)int1) / int2;". In these cases, we didn't. [Coverity CID 1232089 and 1232090]
2014-08-21 | Fix memory leaks in test_entrynodes.c | Nick Mathewson
[Coverity CID 1232087 and 1232088]