-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NOnion,Tests: unify crypto dependencies #62
base: master
Are you sure you want to change the base?
Commits on Apr 12, 2023
-
Network: clients don't report their addrs
Apparently, clients don't have to report their IP addresses.
Configuration menu - View commit details
-
Copy full SHA for dfd277f - Browse repository at this point
Copy the full SHA dfd277fView commit details -
Network: verify router's ip address
According to spec: Initiators SHOULD use "this OR's address" to make sure that they have connected to another OR at its canonical address.
Configuration menu - View commit details
-
Copy full SHA for f5d9396 - Browse repository at this point
Copy the full SHA f5d9396View commit details -
Network: respect spec wrt generating NETINFO
According to spec: Clients SHOULD send "0" as their timestamp, to avoid fingerprinting.
Configuration menu - View commit details
-
Copy full SHA for 0a095cf - Browse repository at this point
Copy the full SHA 0a095cfView commit details -
Network: verify guard certs with rsa fingerprint
According to spec: ``` To authenticate the responder as having a given RSA identity only, the initiator MUST check the following: * The CERTS cell contains exactly one CertType 1 "Link" certificate. * The CERTS cell contains exactly one CertType 2 "ID" certificate. * Both certificates have validAfter and validUntil dates that are not expired. * The certified key in the Link certificate matches the link key that was used to negotiate the TLS connection. * The certified key in the ID certificate is a 1024-bit RSA key. * The certified key in the ID certificate was used to sign both certificates. * The link certificate is correctly signed with the key in the ID certificate * The ID certificate is correctly self-signed. In both cases above, checking these conditions is sufficient to authenticate that the initiator is talking to the Tor node with the expected identity, as certified in the ID certificate(s). ```
Configuration menu - View commit details
-
Copy full SHA for fe050f0 - Browse repository at this point
Copy the full SHA fe050f0View commit details -
Configuration menu - View commit details
-
Copy full SHA for cf83ff1 - Browse repository at this point
Copy the full SHA cf83ff1View commit details -
Directory,Tests: validate consensus data
Making sure consensus data is signed by majority of trusted authorities is probably the most important security check in TOR which was missing from NOnion, this commit fixes that. This commit also fixes an issue with parsing directory signatures, adds digest calculation to NetworkStatus and changes networkstatus.json to use Indented formating to help with manual validatation.
Configuration menu - View commit details
-
Copy full SHA for b0edcfc - Browse repository at this point
Copy the full SHA b0edcfcView commit details
Commits on Apr 13, 2023
-
Directory,Utility: EmbeddedResources for authDirs
This commit moves the auth_dirs.inc file to EmbeddedResource so end users don't have to carry the list around with their applications.
Configuration menu - View commit details
-
Copy full SHA for 8591ad9 - Browse repository at this point
Copy the full SHA 8591ad9View commit details
Commits on Apr 15, 2023
-
Directory,Tests: remove janky pem reader
This commit removes janky pem reader code in favour of Bouncycastle's PemReader.
Configuration menu - View commit details
-
Copy full SHA for 7c45b97 - Browse repository at this point
Copy the full SHA 7c45b97View commit details
Commits on Apr 19, 2023
-
NOnion,Tests: unify crypto dependencies
This commit replaces Chaos.NaCl in favour of our custom bouncycastle.
Configuration menu - View commit details
-
Copy full SHA for 2aab074 - Browse repository at this point
Copy the full SHA 2aab074View commit details