Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security and Privacy #59

Merged
merged 8 commits into from
May 2, 2023
Merged

Security and Privacy #59

merged 8 commits into from
May 2, 2023

Conversation

aarani
Copy link
Collaborator

@aarani aarani commented Apr 9, 2023
edited
Loading

The goal for this PR is to implement as much security checks we can.

@aarani aarani marked this pull request as draft April 9, 2023 14:13
@aarani aarani force-pushed the miscSec branch 2 times, most recently from 9658bae to 933fb55 Compare April 9, 2023 14:17
@aarani aarani changed the title miscellaneous stuff mostly security and privacy Miscellaneous stuff mostly security and privacy Apr 9, 2023
@aarani aarani force-pushed the miscSec branch 4 times, most recently from 2e15f49 to 048742c Compare April 12, 2023 17:29
@aarani aarani changed the title Miscellaneous stuff mostly security and privacy Security and Privacy Apr 12, 2023
@aarani aarani force-pushed the miscSec branch 5 times, most recently from 9f764fc to b0edcfc Compare April 12, 2023 17:45
@aarani aarani marked this pull request as ready for review April 13, 2023 14:41
@aarani
Copy link
Collaborator Author

aarani commented Apr 13, 2023
edited
Loading

Since this is a rabbit hole we need to flush these every few commits
so we don't make it impossible to review them, so I'm gonna un-draft this.

@aarani aarani force-pushed the miscSec branch 6 times, most recently from 2aab074 to 7c45b97 Compare April 19, 2023 14:39
@aarani aarani mentioned this pull request Apr 19, 2023
Open
@aarani aarani force-pushed the miscSec branch 3 times, most recently from fdc84a1 to 9b4d817 Compare April 25, 2023 19:53
knocte
knocte reviewed Apr 27, 2023
View reviewed changes
NOnion/Network/TorGuard.fs Outdated Show resolved Hide resolved
@aarani
Network: clients don't report their addrs
b720c8a 
Apparently, clients don't have to report
their IP addresses.
@aarani
Network: verify router's ip address
7bb789f 
According to spec:
Initiators SHOULD use "this OR's address" to make sure
that they have connected to another OR at its canonical address.
@aarani
Network: respect spec wrt generating NETINFO
431ff31 
According to spec:
Clients SHOULD send "0" as their timestamp,
to avoid fingerprinting.
@aarani
Network: verify guard certs with rsa fingerprint
be7fcdd 
According to spec:
```
   To authenticate the responder as having a given RSA identity only,
   the initiator MUST check the following:

     * The CERTS cell contains exactly one CertType 1 "Link" certificate.
     * The CERTS cell contains exactly one CertType 2 "ID" certificate.
     * Both certificates have validAfter and validUntil dates that
       are not expired.
     * The certified key in the Link certificate matches the
       link key that was used to negotiate the TLS connection.
     * The certified key in the ID certificate is a 1024-bit RSA key.
     * The certified key in the ID certificate was used to sign both
       certificates.
     * The link certificate is correctly signed with the key in the
       ID certificate
     * The ID certificate is correctly self-signed.

   In both cases above, checking these conditions is sufficient to
   authenticate that the initiator is talking to the Tor node with the
   expected identity, as certified in the ID certificate(s).
```
@aarani aarani mentioned this pull request Apr 30, 2023
Open
@aarani aarani requested a review from knocte May 1, 2023 12:48
@knocte
Copy link
Member

knocte commented May 1, 2023

typo in one of the commit msgs: validatation

@knocte
Copy link
Member

knocte commented May 1, 2023

Directory: fix broken directory-signature parsing

Why was it broken?

@aarani
Directory: fix broken directory-signature parsing
2661fa6 
The previous implementation did not support
the optional digest-algorithm property in
the directory-signature object which is
present in micro-consensus.
@aarani
Copy link
Collaborator Author

aarani commented May 2, 2023

typo in one of the commit msgs: validatation

Fixed

@aarani
Copy link
Collaborator Author

aarani commented May 2, 2023

Directory: fix broken directory-signature parsing

Why was it broken?

Added to the commit msg

aarani added 3 commits May 2, 2023 17:39
@aarani
Directory,Tests: validate consensus data
8fbf698 
Making sure consensus data is signed by majority
of trusted authorities is probably the most important
security check in TOR which was missing from NOnion,
this commit fixes that.

This commit also fixes an issue with parsing
directory signatures, adds digest calculation
to NetworkStatus and changes networkstatus.json
to use Indented formating to help with manual
validation.
@aarani
Directory,Utility: EmbeddedResources for authDirs
cda3837 
This commit moves the auth_dirs.inc file
to EmbeddedResource so end users don't have to
carry the list around with their applications.
@aarani
Directory,Tests: remove janky pem reader
feee458 
This commit removes janky pem reader code
in favour of Bouncycastle's PemReader.
@aarani aarani merged commit 7662941 into nblockchain:master May 2, 2023
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knocte knocte knocte approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aarani @knocte