From 5c98fd575b72ea1b80805a38e6b9df1e88a204d4 Mon Sep 17 00:00:00 2001
From: erinn
Date: Mon, 8 Oct 2018 20:19:19 -0700
Subject: [PATCH 1/3] make local port selection deterministic and detach from the control port to improve performance

---
 application/ricochetonion.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/application/ricochetonion.go b/application/ricochetonion.go
index 8f52ee7..27cc017 100644
--- a/application/ricochetonion.go
+++ b/application/ricochetonion.go
@@ -29,7 +29,7 @@ func SetupOnion(torControlAddress string, torControlSocketType string, authentic
 return c.NewListener(cfg, onionport)
 }
 
-func SetupOnionV3(torControlAddress string, torControlSocketType string, authentication string, pk ed25519.PrivateKey, onionport uint16) (net.Listener, error) {
+func SetupOnionV3(torControlAddress string, torControlSocketType string, authentication string, pk ed25519.PrivateKey, onionstr string, onionport uint16) (net.Listener, error) {
 c, err := bulb.Dial(torControlSocketType, torControlAddress)
 if err != nil {
 return nil, err
@@ -56,7 +56,8 @@ func SetupOnionV3(torControlAddress string, torControlSocketType string, authent
 cfg := &bulb.NewOnionConfig{
 DiscardPK: true,
 PrivateKey: onionPK,
+ Detach: true,
 }
 
- return c.NewListener(cfg, onionport)
+ return c.RecoverListener(cfg, onionstr, onionport)
 }

From fb8c0cac2746317afa7e3b7ee47277dc184f177e Mon Sep 17 00:00:00 2001
From: erinn
Date: Tue, 9 Oct 2018 10:14:28 -0700
Subject: [PATCH 2/3] tidying up code paths and making detport selection a little better

---
 application/examples/v3/main.go | 4 ++--
 ricochet.go | 2 +-
 utils/networkresolver.go | 40 +++++++++++++++++++++++----------
 3 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/application/examples/v3/main.go b/application/examples/v3/main.go
index 0dac8cd..b127f75 100644
--- a/application/examples/v3/main.go
+++ b/application/examples/v3/main.go
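Review bot: `Detach: true` changes the lifetime of the published service and neither hunk documents it: a detached onion service is no longer tied to the control connection `c`, so it keeps running after that connection closes and the caller of SetupOnionV3 now owns its removal, while the new `onionstr` parameter has no comment saying what a caller should pass (the example in the next patch passes ""). I'd add above the signature: `// SetupOnionV3 publishes a v3 onion service for pk over the control port and returns a listener for it. onionstr is passed to RecoverListener (presumably the address of a previously detached service to re-attach to; "" creates a fresh one) and Detach keeps the service alive after the control connection closes, so callers must tear it down themselves.` How RecoverListener interprets onionstr is not visible here, so that parenthetical should be confirmed against bulb. The body of SetupOnionV3 between the two hunks is outside the patch.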
@@ -13,10 +13,10 @@ import (
 // An example of how to setup a v3 onion service in go
 func main() {
 cpubk, cprivk, _ := ed25519.GenerateKey(rand.Reader)
- l, err := application.SetupOnionV3("127.0.0.1:9051", "tcp4", "", cprivk, 9878)
+ l, err := application.SetupOnionV3("127.0.0.1:9051", "tcp4", "", cprivk, "", 9878)
 utils.CheckError(err)
 log.Printf("Got Listener %v", l.Addr().String())
 decodedPub, err := base32.StdEncoding.DecodeString(strings.ToUpper(l.Addr().String()[:56]))
 log.Printf("Decoded Public Key: %x %v", decodedPub[:32], err)
 log.Printf("ed25519 Public Key: %x", cpubk)
-}
+}
\ No newline at end of file
diff --git a/ricochet.go b/ricochet.go
index ad9a269..cb74cfb 100644
--- a/ricochet.go
+++ b/ricochet.go
@@ -5,7 +5,7 @@ import (
 "git.openprivacy.ca/openprivacy/libricochet-go/utils"
 "io"
 "net"
-)
+ )
 
 // Open establishes a protocol session on an established net.Conn, and returns a new
 // OpenConnection instance representing this connection. On error, the connection
diff --git a/utils/networkresolver.go b/utils/networkresolver.go
index f5c064f..0e7be34 100644
--- a/utils/networkresolver.go
+++ b/utils/networkresolver.go
@@ -5,6 +5,8 @@ import (
 "golang.org/x/net/proxy"
 "net"
 "strings"
+ "fmt"
+ "log"
 )
 
 const (
@@ -54,28 +56,42 @@ func (nr *NetworkResolver) Resolve(hostname string) (net.Conn, string, error) {
 
 conn, err := torDialer.Dial("tcp", resolvedHostname+".onion:9878")
 if err != nil {
- NewNym("127.0.0.1:9051", "tcp4", "", 9878)
- conn, err = torDialer.Dial("tcp", resolvedHostname+".onion:9878")
+ torc, err := bulb.Dial("tcp4", "127.0.0.1:9051")
+ if err != nil {
+ log.Printf("%v\n", err)
+ return nil, "", err
+ }
+ err = torc.Authenticate("")
 if err != nil {
 return nil, "", err
 }
+
+ NewNym(torc)
+ conn, err = torDialer.Dial("tcp", resolvedHostname+".onion:9878")
+ return nil, "", err
 }
 
 return conn, resolvedHostname, nil
 }
+
+func GetTorVersion(c *bulb.Conn) (string, error) {
+ resp, err := c.Request("GETINFO version")
+ if err != nil {
+ fmt.Printf("error getting tor version: %v\n", err)
+ return "", nil
+ }
+ if len(resp.Data) > 0 {
+ return resp.Data[0], nil
+ }
+ return "", nil
+}
+
 // runs SIGNAL NEWNYM on the tor control port to flush the onion descriptors cache
-func NewNym(torControlAddress string, torControlSocketType string, authentication string, onionport uint16) error {
- c, err := bulb.Dial(torControlSocketType, torControlAddress)
+func NewNym(c *bulb.Conn) error {
+ _, err := c.Request("SIGNAL NEWNYM")
 if err != nil {
- return err
+ c.Close()
 }
-
- err = c.Authenticate(authentication)
- if err != nil {
- return err
- }
-
- _, err = c.Request("SIGNAL NEWNYM")
 return err
 }

From e825e52a7c2dfe8c1147d6e6143b236b580c64fd Mon Sep 17 00:00:00 2001
From: erinn
Date: Tue, 9 Oct 2018 12:55:42 -0700
Subject: [PATCH 3/3] check current onion descriptors on old versions of tor to see if they're out-of-sync

---
 application/examples/v3/main.go | 2 +-
 application/ricochetonion.go | 3 ++-
 channels/v3/outbound/3dauthchannel.go | 4 +---
 connection/connection_test.go | 4 +---
 ricochet.go | 2 +-
 utils/crypto.go | 2 +-
 utils/networkresolver.go | 16 +--------------
 7 files changed, 8 insertions(+), 25 deletions(-)
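Review bot: The retry result is thrown away: after `NewNym(torc)` the second `torDialer.Dial` assigns `conn`, but the very next line is an unconditional `return nil, "", err`, so a successful retry leaks that connection and hands the caller (nil, "", nil), and a failed retry never reaches `return conn, resolvedHostname, nil` either. `NewNym`'s returned error is also ignored, and `torc` is only closed inside NewNym on failure, so on the success path the control connection is left open. The control address `"127.0.0.1:9051"` and the empty `Authenticate("")` password are hard-coded into a library resolver; they should come from the NetworkResolver's configuration the way SetupOnionV3 takes them as parameters. Resolve begins before this hunk; the rewritten retry path is below.
```go
	conn, err := torDialer.Dial("tcp", resolvedHostname+".onion:9878")
	if err != nil {
		// … unchanged: bulb.Dial and torc.Authenticate with their error returns …
		if err := NewNym(torc); err != nil { // NewNym closes torc on failure
			return nil, "", err
		}
		torc.Close()
		conn, err = torDialer.Dial("tcp", resolvedHostname+".onion:9878")
		if err != nil {
			return nil, "", err
		}
	}
	return conn, resolvedHostname, nil
```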
diff --git a/application/examples/v3/main.go b/application/examples/v3/main.go index b127f75..70dbfca 100644 --- a/application/examples/v3/main.go +++ b/application/examples/v3/main.go @@ -19,4 +19,4 @@ func main() { decodedPub, err := base32.StdEncoding.DecodeString(strings.ToUpper(l.Addr().String()[:56])) log.Printf("Decoded Public Key: %x %v", decodedPub[:32], err) log.Printf("ed25519 Public Key: %x", cpubk) -} \ No newline at end of file +} diff --git a/application/ricochetonion.go b/application/ricochetonion.go index 27cc017..b1637c5 100644 --- a/application/ricochetonion.go +++ b/application/ricochetonion.go @@ -54,9 +54,10 @@ func SetupOnionV3(torControlAddress string, torControlSocketType string, authent } cfg := &bulb.NewOnionConfig{ + Onion: onionstr, DiscardPK: true, PrivateKey: onionPK, - Detach: true, + Detach: true, } return c.RecoverListener(cfg, onionstr, onionport) diff --git a/channels/v3/outbound/3dauthchannel.go b/channels/v3/outbound/3dauthchannel.go index cb278dc..93c3388 100644 --- a/channels/v3/outbound/3dauthchannel.go +++ b/channels/v3/outbound/3dauthchannel.go @@ -102,12 +102,10 @@ func (ah *Client3DHAuthChannel) OpenOutboundResult(err error, crm *Protocol_Data serverPublicKey, _ := proto.GetExtension(crm, Protocol_Data_Auth_TripleEDH.E_ServerPublicKey) serverEphemeralPublicKey, _ := proto.GetExtension(crm, Protocol_Data_Auth_TripleEDH.E_ServerEphmeralPublicKey) - - serverPubKeyBytes := serverPublicKey.([]byte) ah.serverPubKey = ed25519.PublicKey(serverPubKeyBytes[:]) - if utils.GetTorV3Hostname(ah.serverPubKey) != ah.ServerHostname { + if utils.GetTorV3Hostname(ah.serverPubKey) != ah.ServerHostname { ah.channel.CloseChannel() return } diff --git a/connection/connection_test.go b/connection/connection_test.go index e1b8190..fa9ba05 100644 --- a/connection/connection_test.go +++ b/connection/connection_test.go 
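Review bot: `Onion: onionstr` is now set unconditionally next to `PrivateKey: onionPK`, and the same value is also the second argument of `RecoverListener`, so which of the two bulb consults when onionstr is "" (as the v3 example passes) is not evident from this hunk; that contract belongs at the SetupOnionV3 signature, which sits outside the hunk. I'd add: `// onionstr: address of an already-running detached service to recover; "" publishes a new service from pk.` with the wording confirmed against bulb's RecoverListener. The alignment of `Detach:` is touched again here after patch 1 introduced it; running gofmt once before committing would avoid that churn.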
@@ -97,7 +97,6 @@ func TestProcessAuthAsV3ServerFail(t *testing.T) { cpub, cpriv, _ := ed25519.GenerateKey(rand.Reader) - // Setting the RemoteHostname to the client pub key approximates a server sending the wrong public key. hostname := utils.GetTorV3Hostname(cpub) orc := NewOutboundConnection(cconn, hostname) @@ -115,7 +114,6 @@ func TestProcessAuthAsV3ServerFail(t *testing.T) { } } - func TestProcessAuthAsV3ClientFail(t *testing.T) { ln, _ := net.Listen("tcp", "127.0.0.1:0") @@ -127,7 +125,7 @@ func TestProcessAuthAsV3ClientFail(t *testing.T) { // Giving the client inconsistent keypair to make EDH fail cpub, _, _ := ed25519.GenerateKey(rand.Reader) - _,cpriv, _ := ed25519.GenerateKey(rand.Reader) + _, cpriv, _ := ed25519.GenerateKey(rand.Reader) hostname := utils.GetTorV3Hostname(pub) orc := NewOutboundConnection(cconn, hostname) diff --git a/ricochet.go b/ricochet.go index cb74cfb..ad9a269 100644 --- a/ricochet.go +++ b/ricochet.go @@ -5,7 +5,7 @@ import ( "git.openprivacy.ca/openprivacy/libricochet-go/utils" "io" "net" - ) +) // Open establishes a protocol session on an established net.Conn, and returns a new // OpenConnection instance representing this connection. On error, the connection diff --git a/utils/crypto.go b/utils/crypto.go index 3650999..74d41f2 100644 --- a/utils/crypto.go +++ b/utils/crypto.go @@ -6,8 +6,8 @@ import ( "crypto/x509" "encoding/pem" "errors" - "github.com/agl/ed25519/extra25519" "git.openprivacy.ca/openprivacy/asaur/utils/pkcs1" + "github.com/agl/ed25519/extra25519" "golang.org/x/crypto/curve25519" "golang.org/x/crypto/ed25519" "io/ioutil" diff --git a/utils/networkresolver.go b/utils/networkresolver.go index 0e7be34..2d2a6f2 100644 --- a/utils/networkresolver.go +++ b/utils/networkresolver.go @@ -3,10 +3,9 @@ package utils import ( "git.openprivacy.ca/openprivacy/asaur" "golang.org/x/net/proxy" + "log" "net" "strings" - "fmt" - "log" ) const ( 
@@ -74,19 +73,6 @@ func (nr *NetworkResolver) Resolve(hostname string) (net.Conn, string, error) {
 return conn, resolvedHostname, nil
 }
 
-
-func GetTorVersion(c *bulb.Conn) (string, error) {
- resp, err := c.Request("GETINFO version")
- if err != nil {
- fmt.Printf("error getting tor version: %v\n", err)
- return "", nil
- }
- if len(resp.Data) > 0 {
- return resp.Data[0], nil
- }
- return "", nil
-}
-
 // runs SIGNAL NEWNYM on the tor control port to flush the onion descriptors cache
 func NewNym(c *bulb.Conn) error {
 _, err := c.Request("SIGNAL NEWNYM")