path: root/src
Age | Commit message | Author
2014-09-25 | Fix warnings on 32-bit builds. | Nick Mathewson
When size_t is the most memory you can have, make sure that things referring to real parts of memory are size_t, not uint64_t or off_t. But not on any released Tor.
2014-09-25 | Merge branch 'ed25519_ref10_squashed' | Nick Mathewson
Conflicts: src/common/include.am src/ext/README
2014-09-25 | Comments and tweaks based on review by asn | Nick Mathewson
Add some documentation
Rename "derive" -> "blind"
Check for failure on randombytes().
2014-09-25 | Add benchmarks for ed25519 functions | Nick Mathewson
2014-09-25 | Add comments to ed25519_vectors.inc | Nick Mathewson
2014-09-25 | Cut the time to run the python ed25519 tests by a factor of ~6 | Nick Mathewson
I know it's pointless to optimize them, but I just can't let them spend all that time in expmod() when native python pow() does the same thing.
2014-09-25 | Add a reference implementation of our ed25519 modifications | Nick Mathewson
Also, use it to generate test vectors, and add those test vectors to test_crypto.c
This is based on ed25519.py from the ed25519 webpage; the kludgy hacks are my own.
2014-09-25 | Add the pure-python ed25519 implementation, for testing. | Nick Mathewson
2014-09-25 | More documentation for ed25519 stuff. | Nick Mathewson
2014-09-25 | Fix linux compilation of ed25519_ref10 | Nick Mathewson
Our integer-definition headers apparently suck in a definition for select(2), which interferes with the select() in ge_scalarmult_base.c
2014-09-25 | Draft implementation for ed25519 key blinding, as in prop224 | Nick Mathewson
This implementation allows somebody to add a blinding factor to a secret key, and a corresponding blinding factor to the public key. Robert Ransom came up with this idea, I believe. Nick Hopper proved a scheme like this secure. The bugs are my own.
2014-09-25 | Add curve25519->ed25519 key conversion per proposal 228 | Nick Mathewson
For proposal 228, we need to cross-certify our identity with our curve25519 key, so that we can prove at descriptor-generation time that we own that key. But how can we sign something with a key that is only for doing Diffie-Hellman? By converting it to the corresponding ed25519 point. See the ALL-CAPS warning in the documentation. According to djb (IIUC), it is safe to use these keys in the ways that ntor and prop228 are using them, but it might not be safe if we start providing crazy oracle access. (Unit tests included. What kind of a monster do you take me for?)
2014-09-25 | Support for writing ed25519 public/private components to disk. | Nick Mathewson
This refactors the "== type:tag ==" code from crypto_curve25519.c
2014-09-25 | Add encode/decode functions for ed25519 public keys | Nick Mathewson
2014-09-25 | Restore the operation of extra_strong in ed25519_secret_key_generate | Nick Mathewson
2014-09-25 | Another ed25519 tweak: store secret keys in expanded format | Nick Mathewson
This will be needed/helpful for the key blinding of prop224, I believe.
2014-09-25 | Fix API for ed25519_ref10_open() | Nick Mathewson
This is another case where DJB likes sticking the whole signature prepended to the message, and I don't think that's the hottest idea. The unit tests still pass.
2014-09-25 | Tweak ed25519 ref10 signing interface to use less space. | Nick Mathewson
Unit tests still pass.
2014-09-25 | Tweak ref10 keygen APIs to be more sane. | Nick Mathewson
2014-09-25 | Add Ed25519 support, wrappers, and tests. | Nick Mathewson
Taken from earlier ed25519 branch based on floodyberry's ed25519-donna. Tweaked so that it applies to ref10 instead.
2014-09-25 | Use --require-version to prevent running trunnel pre-1.2 | Nick Mathewson
(Also, regenerate trunnel stuff with trunnel 1.2. This just adds a few comments to our output.)
2014-09-25 | Add a script to run trunnel on the trunnel files. | Nick Mathewson
Also, re-run the latest trunnel. Closes ticket 13242
2014-09-25 | Mention trunnel in LICENSE and src/ext/README | Nick Mathewson
2014-09-25 | Merge branch 'libscrypt_trunnel_squashed' | Nick Mathewson
Conflicts: src/test/test_crypto.c
2014-09-25 | Add tests for failing cases of crypto_pwbox | Nick Mathewson
2014-09-25 | Use trunnel for crypto_pwbox encoding/decoding. | Nick Mathewson
This reduces the likelihood that I have made any exploitable errors in the encoding/decoding. This commit also imports the trunnel runtime source into Tor.
2014-09-25 | Adjust pwbox format: use a random IV each time | Nick Mathewson
Suggested by yawning
2014-09-25 | Test a full array of s2k flags with pwbox test. | Nick Mathewson
Suggested by yawning.
2014-09-25 | Use preferred key-expansion means for pbkdf2, scrypt. | Nick Mathewson
Use HKDF for RFC2440 s2k only.
2014-09-25 | Test vectors for PBKDF2 from RFC6070 | Nick Mathewson
2014-09-25 | Test vectors for scrypt from draft-josefsson-scrypt-kdf-00 | Nick Mathewson
2014-09-25 | Tweak and expose secret_to_key_compute_key for testing | Nick Mathewson
Doing this lets me pass in a salt of an unusual length.
2014-09-25 | Rudimentary-but-sufficient passphrase-encrypted box code. | Nick Mathewson
See crypto_pwbox.c for a description of the file format. There are tests for successful operation, but it still needs error-case tests.
2014-09-25 | More generic passphrase hashing code, including scrypt support | Nick Mathewson
Uses libscrypt when found; otherwise, we don't have scrypt and we only support openpgp rfc2440 s2k hashing, or pbkdf2. Includes documentation and unit tests; coverage around 95%. Remaining uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-23 | two more typos | Roger Dingledine
2014-09-22 | + is not how we say concatenate | Roger Dingledine
2014-09-22 | Merge branch 'bug8197_squashed' | Nick Mathewson
Conflicts: src/test/test_policy.c
2014-09-22 | Writing comments for newly added functions. | rl1987
2014-09-22 | Whitespace fixes | rl1987
2014-09-22 | Using the new API in unit-test. | rl1987
2014-09-22 | New API for policies_parse_exit_policy(). | rl1987
2014-09-22 | Remove config options that have been obsolete since 0.2.3 | Adrien BAK
2014-09-22 | Merge remote-tracking branch 'arma/feature13211' | Nick Mathewson
2014-09-22 | Merge remote-tracking branch 'arma/feature13153' | Nick Mathewson
2014-09-22 | Merge remote-tracking branch 'public/bug7733a' | Nick Mathewson
2014-09-21 | clients use optimistic data when reaching hidden services | Roger Dingledine
Allow clients to use optimistic data when connecting to a hidden service, which should cut out the initial round-trip for client-side programs including Tor Browser. (Now that Tor 0.2.2.x is obsolete, all hidden services should support server-side optimistic data.) See proposal 181 for details. Implements ticket 13211.
2014-09-21 | Use optimistic data even if we don't know exitnode->rs | Roger Dingledine
I think we should know the routerstatus for our exit relay, since we built a circuit to it. So I think this is just a code simplification.
2014-09-21 | get rid of routerstatus->version_supports_optimistic_data | Roger Dingledine
Clients are now willing to send optimistic circuit data (before they receive a 'connected' cell) to relays of any version. We used to only do it for relays running 0.2.3.1-alpha or later, but now all relays are new enough. Resolves ticket 13153.
2014-09-21 | get rid of trivial redundant comment | Roger Dingledine
2014-09-21 | Stop silently skipping invalid args to setevents | Roger Dingledine
Return an error when the second or later arguments of the "setevents" controller command are invalid events. Previously we would return success while silently skipping invalid events. Fixes bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".