[tor-commits] [tor-browser-build/master] Changelog update to add AltSvc ticket
commit a8e628fec8bb6e33e0b7e6ba04a5d793240cf99a Author: Georg Koppen Date: Mon Aug 27 05:44:52 2018 + Changelog update to add AltSvc ticket --- projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt index e9b394a..f4d8dec 100644 --- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt +++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt @@ -23,7 +23,7 @@ Tor Browser 8.0a10 -- August 20 2018 * Bug 26477: Make meek extension compatible with ESR 60 * Bug 27082: Enable a limited UITour for user onboarding * Bug 26961: New user onboarding - * Bug 14952: Enable HTTP2 and AltSvc + * Bug 14952+24553: Enable HTTP2 and AltSvc * Bug 25735: Tor Browser stalls while loading Facebook login page * Bug 17252: Enable TLS session identifiers with first-party isolation * Bug 26353: Prevent speculative connects that violate first-party isolation ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal] Update translations for support-portal
commit 6e27d59bca4360731b7cf5fcecea9fbe6d5169df Author: Translation commit bot Date: Mon Aug 27 05:18:56 2018 + Update translations for support-portal --- contents+el.po | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/contents+el.po b/contents+el.po index 7da75bb10..e35283284 100644 --- a/contents+el.po +++ b/contents+el.po @@ -288,7 +288,7 @@ msgstr "" #: http//localhost/operators/operators-4/ #: (content/operators/operators-4/contents+en.lrquestion.description) msgid "$ sudo apt-get install tor deb.torproject.org-keyring" -msgstr "" +msgstr "$ sudo apt-get install tor deb.torproject.org-keyring" #: http//localhost/misc/misc-3/ #: (content/misc/misc-3/contents+en.lrquestion.description) @@ -345,7 +345,7 @@ msgstr "" #: http//localhost/operators/operators-3/ #: (content/operators/operators-3/contents+en.lrquestion.description) msgid "RunAsDaemon 1" -msgstr "" +msgstr "RunAsDaemon 1" #: http//localhost/operators/operators-4/ #: (content/operators/operators-4/contents+en.lrquestion.seo_slug) @@ -410,7 +410,7 @@ msgstr "" #: http//localhost/tbb/tbb-37/ #: (content/tbb/tbb-37/contents+en.lrquestion.description) msgid "* Polish (pl)" -msgstr "" +msgstr "* Polish (pl)" #: http//localhost/tbb/tbb-31/ #: (content/tbb/tbb-31/contents+en.lrquestion.description) @@ -569,6 +569,8 @@ msgid "" "" msgstr "" +"" #: http//localhost/censorship/censorship-7/ #: (content/censorship/censorship-7/contents+en.lrquestion.description) @@ -870,7 +872,7 @@ msgstr "ÎÏοÏÏ Î½Î± ÏÏÎÎ¾Ï Ïο Tor Ïε μια ÏÏ ÏÎºÎµÏ Î® Android;" #: http//localhost/operators/operators-6/ #: (content/operators/operators-6/contents+en.lrquestion.description) msgid "#RelayBandwidthBurst 100 MBytes" -msgstr "" +msgstr "#RelayBandwidthBurst 100 MBytes" #: http//localhost/operators/operators-2/ #: (content/operators/operators-2/contents+en.lrquestion.description) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal] Update translations for support-portal
commit 3e3def8f55c2ac59085d1080cf248fdb18484d4e Author: Translation commit bot Date: Mon Aug 27 04:48:57 2018 + Update translations for support-portal --- contents+el.po | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/contents+el.po b/contents+el.po index 9e7181d81..7da75bb10 100644 --- a/contents+el.po +++ b/contents+el.po @@ -7,13 +7,14 @@ # Kostas Papadopoulos , 2018 # Sofia K., 2018 # A Papac , 2018 +# Emma Peel, 2018 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-08-26 08:16+CET\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: A Papac , 2018\n" +"Last-Translator: Emma Peel, 2018\n" "Language-Team: Greek (https://www.transifex.com/otf/teams/1519/el/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -2377,7 +2378,7 @@ msgstr "" #: http//localhost/tbb/tbb-7/ #: (content/tbb/tbb-7/contents+en.lrquestion.description) msgid "Thank you.\"" -msgstr "" +msgstr "ÎÏ ÏαÏιÏÏÏ.\"" #: http//localhost/tbb/tbb-37/ #: (content/tbb/tbb-37/contents+en.lrquestion.description) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal_completed] Update translations for support-portal_completed
commit 01a2734320e82f8c0ba2fcb8229e1f7f93fd798f Author: Translation commit bot Date: Mon Aug 27 04:19:06 2018 + Update translations for support-portal_completed --- contents+tr.po | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contents+tr.po b/contents+tr.po index 5d99fb846..41f301423 100644 --- a/contents+tr.po +++ b/contents+tr.po @@ -2006,6 +2006,8 @@ msgid "" "href=\"https://www.torproject.org/projects/torbrowser.html.en\;>Tor " "Browser in the following languages:" msgstr "" +"https://www.torproject.org/projects/torbrowser.html.en\;>Tor" +" Browser Åu dillerde sunulmaktadır:" #: http//localhost/tbb/tbb-39/ #: (content/tbb/tbb-39/contents+en.lrquestion.seo_slug) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal] Update translations for support-portal
commit 7ae64122e4912bc88cba6da1ed80d983ddc4204c Author: Translation commit bot Date: Mon Aug 27 04:19:01 2018 + Update translations for support-portal --- contents+tr.po | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contents+tr.po b/contents+tr.po index 5d99fb846..41f301423 100644 --- a/contents+tr.po +++ b/contents+tr.po @@ -2006,6 +2006,8 @@ msgid "" "href=\"https://www.torproject.org/projects/torbrowser.html.en\;>Tor " "Browser in the following languages:" msgstr "" +"https://www.torproject.org/projects/torbrowser.html.en\;>Tor" +" Browser Åu dillerde sunulmaktadır:" #: http//localhost/tbb/tbb-39/ #: (content/tbb/tbb-39/contents+en.lrquestion.seo_slug) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-abouttbupdatedtd_completed] Update translations for torbutton-abouttbupdatedtd_completed
commit a810ce420a1ca54d1b09da499d1959f87c7b Author: Translation commit bot Date: Mon Aug 27 04:18:16 2018 + Update translations for torbutton-abouttbupdatedtd_completed --- tr/abouttbupdate.dtd | 4 1 file changed, 4 insertions(+) diff --git a/tr/abouttbupdate.dtd b/tr/abouttbupdate.dtd index 5aac624f5..a00580432 100644 --- a/tr/abouttbupdate.dtd +++ b/tr/abouttbupdate.dtd @@ -4,3 +4,7 @@ + + + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-abouttbupdatedtd] Update translations for torbutton-abouttbupdatedtd
commit 2b17107435a5b88d363212fc0331f4720f3f883c Author: Translation commit bot Date: Mon Aug 27 04:18:10 2018 + Update translations for torbutton-abouttbupdatedtd --- tr/abouttbupdate.dtd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tr/abouttbupdate.dtd b/tr/abouttbupdate.dtd index 4146bd31b..a00580432 100644 --- a/tr/abouttbupdate.dtd +++ b/tr/abouttbupdate.dtd @@ -5,6 +5,6 @@ - - + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-abouttbupdatedtd_completed] Update translations for torbutton-abouttbupdatedtd_completed
commit e6eec4f074f338a9df0ac40aa71d398185ddef69 Author: Translation commit bot Date: Mon Aug 27 00:49:24 2018 + Update translations for torbutton-abouttbupdatedtd_completed --- en/abouttbupdate.dtd | 4 1 file changed, 4 insertions(+) diff --git a/en/abouttbupdate.dtd b/en/abouttbupdate.dtd index 37567bd7e..f7b3f2ed8 100644 --- a/en/abouttbupdate.dtd +++ b/en/abouttbupdate.dtd @@ -4,3 +4,7 @@ + + + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-abouttbupdatedtd] Update translations for torbutton-abouttbupdatedtd
commit ec98045bb1d716db645840f6ace1ff5bb1ebfbe2 Author: Translation commit bot Date: Mon Aug 27 00:49:17 2018 + Update translations for torbutton-abouttbupdatedtd --- ach/abouttbupdate.dtd | 4 af/abouttbupdate.dtd | 4 ak/abouttbupdate.dtd | 4 am/abouttbupdate.dtd | 4 ar/abouttbupdate.dtd | 4 arn/abouttbupdate.dtd | 4 ast/abouttbupdate.dtd | 4 az/abouttbupdate.dtd | 4 be/abouttbupdate.dtd | 4 bg/abouttbupdate.dtd | 4 bn_BD/abouttbupdate.dtd | 4 bo/abouttbupdate.dtd | 4 br/abouttbupdate.dtd | 4 brx/abouttbupdate.dtd | 4 bs/abouttbupdate.dtd | 4 ca/abouttbupdate.dtd | 4 cs/abouttbupdate.dtd | 4 csb/abouttbupdate.dtd | 4 cv/abouttbupdate.dtd | 4 cy/abouttbupdate.dtd | 4 da/abouttbupdate.dtd | 4 de/abouttbupdate.dtd | 4 dz/abouttbupdate.dtd | 4 el/abouttbupdate.dtd | 4 en/abouttbupdate.dtd | 4 en_GB/abouttbupdate.dtd | 4 eo/abouttbupdate.dtd | 4 es/abouttbupdate.dtd | 4 es_AR/abouttbupdate.dtd | 4 es_CL/abouttbupdate.dtd | 4 es_CO/abouttbupdate.dtd | 4 es_MX/abouttbupdate.dtd | 4 et/abouttbupdate.dtd | 4 eu/abouttbupdate.dtd | 4 fa/abouttbupdate.dtd | 4 fi/abouttbupdate.dtd | 4 fil/abouttbupdate.dtd | 4 fo/abouttbupdate.dtd | 4 fr/abouttbupdate.dtd | 4 fur/abouttbupdate.dtd | 4 fy/abouttbupdate.dtd | 4 ga/abouttbupdate.dtd | 4 gd/abouttbupdate.dtd | 4 gl/abouttbupdate.dtd | 4 gu/abouttbupdate.dtd | 4 gu_IN/abouttbupdate.dtd | 4 gun/abouttbupdate.dtd | 4 ha/abouttbupdate.dtd | 4 he/abouttbupdate.dtd | 8 ++-- hi/abouttbupdate.dtd | 4 hr/abouttbupdate.dtd | 4 hr_HR/abouttbupdate.dtd | 4 ht/abouttbupdate.dtd | 4 hu/abouttbupdate.dtd | 4 hy/abouttbupdate.dtd | 4 ia/abouttbupdate.dtd | 4 id/abouttbupdate.dtd | 4 is/abouttbupdate.dtd | 4 it/abouttbupdate.dtd | 4 ja/abouttbupdate.dtd | 4 jv/abouttbupdate.dtd | 4 ka/abouttbupdate.dtd | 4 kk/abouttbupdate.dtd | 4 km/abouttbupdate.dtd | 4 kn/abouttbupdate.dtd | 4 ko/abouttbupdate.dtd | 4 ko_KR/abouttbupdate.dtd | 4 ku/abouttbupdate.dtd | 4 ku_IQ/abouttbupdate.dtd | 4 kw/abouttbupdate.dtd | 4 ky/abouttbupdate.dtd | 4 la/abouttbupdate.dtd | 4 lb/abouttbupdate.dtd | 4 lg/abouttbupdate.dtd | 4 ln/abouttbupdate.dtd | 4 lo/abouttbupdate.dtd | 4 lt/abouttbupdate.dtd | 4 lv/abouttbupdate.dtd | 4 mg/abouttbupdate.dtd | 4 mi/abouttbupdate.dtd | 4 mk/abouttbupdate.dtd | 4 ml/abouttbupdate.dtd | 4 mn/abouttbupdate.dtd | 4 mr/abouttbupdate.dtd | 4 ms_MY/abouttbupdate.dtd | 4 mt/abouttbupdate.dtd | 4 my/abouttbupdate.dtd | 4 nah/abouttbupdate.dtd | 4 nap/abouttbupdate.dtd | 4 nb/abouttbupdate.dtd | 4 ne/abouttbupdate.dtd | 4 nl/abouttbupdate.dtd | 4 nl_BE/abouttbupdate.dtd | 4 nn/abouttbupdate.dtd | 4 nso/abouttbupdate.dtd | 4 oc/abouttbupdate.dtd | 4 om/abouttbupdate.dtd | 4 or/abouttbupdate.dtd | 4 pa/abouttbupdate.dtd | 4 pap/abouttbupdate.dtd | 4 pl/abouttbupdate.dtd | 4 pms/abouttbupdate.dtd | 4 ps/abouttbupdate.dtd | 4 pt/abouttbupdate.dtd | 4 pt_BR/abouttbupdate.dtd | 4 pt_PT/abouttbupdate.dtd | 4 ro/abouttbupdate.dtd | 4 ru/abouttbupdate.dtd | 4 ru@petr1708/abouttbupdate.dtd | 4 sco/abouttbupdate.dtd | 4 si_LK/abouttbupdate.dtd | 4 sk/abouttbupdate.dtd | 4 sk_SK/abouttbupdate.dtd | 4 sl/abouttbupdate.dtd | 4 sl_SI/abouttbupdate.dtd | 4 sn/abouttbupdate.dtd | 4 so/abouttbupdate.dtd | 4 son/abouttbupdate.dtd | 4 sq/abouttbupdate.dtd | 4 sr/abouttbupdate.dtd | 4
[tor-commits] [stem/master] New RelayCell decrypt method
commit 7d8f1f151d8e2c815e68e0197513f0449a12edd0 Author: Damian Johnson Date: Sun Aug 26 12:23:57 2018 -0700 New RelayCell decrypt method Again, a simple decryption method based on our Circuit's prior send() method. This branch made a valient attempt to implement our decryption digest. But honestly the code is twisty enough that I really don't understand how it's attempting to achieve this (sorry!). Unless I'm missing something decryption digests only play a role when we're a middle hop relay, which we're not even close to implementing. This is why our prior Circuit send() method left it unimplmented. Maybe I'm mistaken? I'd be delighted to support decryption digests if it serves a purpose, and is done in a simpler fashion. --- stem/client/cell.py | 55 + 1 file changed, 55 insertions(+) diff --git a/stem/client/cell.py b/stem/client/cell.py index 29aa18ab..d4540203 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -576,6 +576,61 @@ class RelayCell(CircuitCell): return RelayCell._pack(link_protocol, bytes(payload), self.unused, self.circ_id) + @classmethod + def decrypt(link_protocol, content, key, digest): +""" +Decrypts content as a relay cell addressed to us. This provides back a +tuple of the form... + +:: + + (cell (RelayCell), new_key (CipherContext), new_digest (HASH)) + +:param int link_protocol: link protocol version +:param bytes content: cell content to be decrypted +:param cryptography.hazmat.primitives.ciphers.CipherContext key: + key established with the relay we received this cell from +:param HASH digest: running digest held with the relay + +:returns: **tuple** with our decrypted cell and updated key/digest + +:raises: :class:`stem.ProtocolError` if content doesn't belong to a relay + cell +""" + +new_key = copy.copy(key) +new_digest = digest.copy() + +if len(content) != link_protocol.fixed_cell_length: + raise stem.ProtocolError('RELAY cells should be %i bytes, but received %i' % (link_protocol.fixed_cell_length, len(content))) + +circ_id, content = link_protocol.circ_id_size.pop(content) +command, encrypted_payload = Size.CHAR.pop(content) + +if command != RelayCell.VALUE: + raise stem.ProtocolError('Cannot decrypt as a RELAY cell. This had command %i instead.' % command) + +payload = new_key.update(encrypted_payload) + +cell = RelayCell._unpack(payload, circ_id, link_protocol) + +# TODO: Implement our decryption digest. It is used to support relaying +# within multi-hop circuits. On first glance this should go something +# like... +# +# # Our updated digest is calculated based on this cell with a blanked +# # digest field. +# +# digest_cell = RelayCell(self.id, self.command, self.data, 0, self.stream_id, self.recognized, self.unused) +# new_digest.update(digest_cell.pack(link_protocol)) +# +# is_encrypted == cell.recognized != 0 or self.digest == new_digest +# +# ... or something like that. Until we attempt to support relaying this is +# both moot and difficult to exercise in order to ensure we get it right. + +return cell, new_key, new_digest + def encrypt(self, link_protocol, key, digest): """ Encrypts our cell content to be sent with the given key. This provides back ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] New RelayCell encrypt method
commit 8e83553e578aa0f8819eead434ca7ca26d57d5d9 Author: Damian Johnson Date: Sun Aug 26 11:35:37 2018 -0700 New RelayCell encrypt method "Premature optimization is the root of all evil." While I love the idea of moving our encrypt() and decrypt() methods into the RelayCell class I gotta admit I'm not a fan of the verbosity and large number of helpers. This branche's new RelayCell is far, far more complicated without adding any new capabilities to the Circuit class. As such basing this encrypt() method on our previous Circuit send() code. Hopefully this gets us the best of both worlds: Circuit is simpler because it no longer does encryption/decryption itself, and our RelayCell remains an elegantly simple class too. I suspect Dave might be factoring things this way in anticipation of future additions but I'd rather not complicate our code until it comes hand-in-hand with a practical benefit in doing so. --- stem/client/__init__.py | 2 +- stem/client/cell.py | 35 +++ 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 19528d67..486ff0a6 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -237,7 +237,7 @@ class Circuit(object): # successfully sent. cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) - payload, forward_digest, forward_key = cell.encrypt(self.relay.link_protocol, self.forward_digest, self.forward_key) + payload, forward_digest, forward_key = cell.encrypt(self.relay.link_protocol, self.forward_key, self.forward_digest) self.relay._orport.send(payload) self.forward_digest = forward_digest diff --git a/stem/client/cell.py b/stem/client/cell.py index b40a30e1..29aa18ab 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -576,6 +576,41 @@ class RelayCell(CircuitCell): return RelayCell._pack(link_protocol, bytes(payload), self.unused, self.circ_id) + def encrypt(self, link_protocol, key, digest): +""" +Encrypts our cell content to be sent with the given key. This provides back +a tuple of the form... + +:: + + (payload (bytes), new_key (CipherContext), new_digest (HASH)) + +:param int link_protocol: link protocol version +:param cryptography.hazmat.primitives.ciphers.CipherContext key: + key established with the relay we're sending this cell to +:param HASH digest: running digest held with the relay + +:returns: **tuple** with our encrypted payload and updated key/digest +""" + +new_key = copy.copy(key) +new_digest = digest.copy() + +# Digests are computed from our payload, not including our header's circuit +# id (2 or 4 bytes) and command (1 byte). + +header_size = link_protocol.circ_id_size.size + 1 +payload_without_digest = self.pack(link_protocol)[header_size:] +new_digest.update(payload_without_digest) + +# Pack a copy of ourselves with our newly calculated digest, and encrypt +# the payload. Header remains plaintext. + +cell = RelayCell(self.id, self.command, self.data, new_digest, self.stream_id, self.recognized, self.unused) +header, payload = split(cell.pack(link_protocol), header_size) + +return header + new_key.update(payload), new_key, new_digest + @classmethod def _unpack(cls, content, circ_id, link_protocol): command, content = Size.CHAR.pop(content) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Fix refactoring regressions
commit cea4f76279f79a65198743e90e300d7b0e1f6a97 Author: Damian Johnson Date: Sun Aug 26 13:12:25 2018 -0700 Fix refactoring regressions Ok, unsurprisingly I buggered this up in a few spots. Mostly regressions from when I tweaked method argument orderings. Unfortunatley our Circuit class doesn't have much in terms of test coverage (... we should really fix that), so exercised these changes by fetching moria1's descriptor... >>> import stem.descriptor.remote >>> print(stem.descriptor.remote.their_server_descriptor(endpoints = (stem.ORPort('128.31.0.34', 9101),)).run()[0]) --- stem/client/__init__.py | 4 ++-- stem/client/cell.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 486ff0a6..aaa62f5b 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -237,7 +237,7 @@ class Circuit(object): # successfully sent. cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) - payload, forward_digest, forward_key = cell.encrypt(self.relay.link_protocol, self.forward_key, self.forward_digest) + payload, forward_key, forward_digest = cell.encrypt(self.relay.link_protocol, self.forward_key, self.forward_digest) self.relay._orport.send(payload) self.forward_digest = forward_digest @@ -254,7 +254,7 @@ class Circuit(object): while reply: encrypted_cell, reply = split(reply, self.relay.link_protocol.fixed_cell_length) -decrypted_cell, backward_key, backward_digest = stem.client.cell.RelayCell.decrypt(encrypted_cell, self.backward_key, self.backward_digest) +decrypted_cell, backward_key, backward_digest = stem.client.cell.RelayCell.decrypt(self.relay.link_protocol, encrypted_cell, self.backward_key, self.backward_digest) if self.id != decrypted_cell.circ_id: raise stem.ProtocolError('Response should be for circuit id %i, not %i' % (self.id, decrypted_cell.circ_id)) diff --git a/stem/client/cell.py b/stem/client/cell.py index d7053eaf..91dec143 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -383,7 +383,7 @@ class RelayCell(CircuitCell): return RelayCell._pack(link_protocol, bytes(payload), self.unused, self.circ_id) - @classmethod + @staticmethod def decrypt(link_protocol, content, key, digest): """ Decrypts content as a relay cell addressed to us. This provides back a @@ -428,7 +428,7 @@ class RelayCell(CircuitCell): # # Our updated digest is calculated based on this cell with a blanked # # digest field. # -# digest_cell = RelayCell(self.id, self.command, self.data, 0, self.stream_id, self.recognized, self.unused) +# digest_cell = RelayCell(self.circ_id, self.command, self.data, 0, self.stream_id, self.recognized, self.unused) # new_digest.update(digest_cell.pack(link_protocol)) # # is_encrypted == cell.recognized != 0 or self.digest == new_digest @@ -468,7 +468,7 @@ class RelayCell(CircuitCell): # Pack a copy of ourselves with our newly calculated digest, and encrypt # the payload. Header remains plaintext. -cell = RelayCell(self.id, self.command, self.data, new_digest, self.stream_id, self.recognized, self.unused) +cell = RelayCell(self.circ_id, self.command, self.data, new_digest, self.stream_id, self.recognized, self.unused) header, payload = split(cell.pack(link_protocol), header_size) return header + new_key.update(payload), new_key, new_digest ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Move cell encryption/decription into the RelayCell class
commit 8a1239ea8e63af3797771b6be12ebcb14e437671 Merge: ded18921 cea4f762 Author: Damian Johnson Date: Sun Aug 26 13:47:51 2018 -0700 Move cell encryption/decription into the RelayCell class "Less is more." Dave's pull request for ticket #27112 refactored our RelayCell into a BaseRelayCell and RawRelayCell class. Think I see what he's going for, and this was a step forward in some respects. But honestly added a lot of code and complexity without functionally doing anything new. Going with a hybrid of our approaches that integrates the part I think we agree on. Namely, simplifying our Circuit's send() method by moving cell encryption/decription down into the RelayCell class. This is a much, *MUCH* smaller diff than what Dave proposed. Happy to discuss integrating more of the pull request, but lets start with the part I think we agree on to give us a common point to work from. stem/client/__init__.py | 65 +-- stem/client/cell.py | 111 +--- stem/client/datatype.py | 18 +-- stem/util/log.py| 2 +- stem/util/term.py | 2 +- test/unit/client/cell.py| 1 + test/unit/client/size.py| 1 + test/unit/control/controller.py | 1 - 8 files changed, 145 insertions(+), 56 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Drop alternate relay cell classes
commit 6938036f28ee8e74b409014919b438da7a12fe10 Author: Damian Johnson Date: Sun Aug 26 12:30:46 2018 -0700 Drop alternate relay cell classes Now that our RelayCell implements encryption/decryption we can drop these. These new methods have *not* been exercised yet. No doubt when rubber meets the road I'll discover some issues, but they're close enough to the Circuit's prior send() method that they should be simple to sort out. --- stem/client/cell.py | 455 +-- test/unit/client/cell.py | 67 ++- test/unit/client/size.py | 1 - 3 files changed, 12 insertions(+), 511 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index d4540203..d7053eaf 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -108,7 +108,7 @@ class Cell(object): """ for _, cls in inspect.getmembers(sys.modules[__name__]): - if name == getattr(cls, 'NAME', UNDEFINED) and not getattr(cls, 'CANNOT_DIRECTLY_UNPACK', False): + if name == getattr(cls, 'NAME', UNDEFINED): return cls raise ValueError("'%s' isn't a valid cell type" % name) @@ -124,7 +124,7 @@ class Cell(object): """ for _, cls in inspect.getmembers(sys.modules[__name__]): - if value == getattr(cls, 'VALUE', UNDEFINED) and not getattr(cls, 'CANNOT_DIRECTLY_UNPACK', False): + if value == getattr(cls, 'VALUE', UNDEFINED): return cls raise ValueError("'%s' isn't a valid cell value" % value) @@ -321,199 +321,6 @@ class CreatedCell(CircuitCell): super(CreatedCell, self).__init__() # TODO: implement -class BaseRelayCell(CircuitCell): - """ - Cell whose subclasses are relayed over circuits. - - :var bytes payload: raw payload, quite possibly encrypted - """ - - NAME = 'INTERNAL_BASE_RELAY' # defined for error/other strings - IS_FIXED_SIZE = True # all relay cells are fixed-size - - # other attributes are deferred to subclasses, since this class cannot be directly unpacked - - def __init__(self, circ_id, payload): -if not payload: - raise ValueError('Relay cells require a payload') -if len(payload) != FIXED_PAYLOAD_LEN: - raise ValueError('Payload should be %i bytes, but was %i' % (FIXED_PAYLOAD_LEN, len(payload))) - -super(BaseRelayCell, self).__init__(circ_id, unused = b'') -self.payload = payload - - def pack(self, link_protocol): -# unlike everywhere else, we actually want to use the subclass type, NOT *this* class -return type(self)._pack(link_protocol, self.payload, circ_id = self.circ_id) - - @classmethod - def _unpack(cls, content, circ_id, link_protocol): -# unlike everywhere else, we actually want to use the subclass type, NOT *this* class -return cls(circ_id, content) - - def check_recognized_field(self): -""" -Checks the 'recognized' field of the cell payload, which indicates whether -it is **probably** fully decrypted. - -:returns: **bool** indicating whether the 'recognized' field indicates - likely decryption. Per the spec: -* **False** guarantees the cell *not* to be fully decrypted. -* **True** does *not* guarantee the cell to be fully decrypted, and it - must be checked further. See also - :func:`~stem.client.cell.BaseRelayCell.check_digest` -""" - -_, recognized_from_cell, _, _, _, _, _ = AlternateRelayCell._unpack_payload(self.payload) -return recognized_from_cell == 0 - - def check_digest(self, digest): -""" -Calculates the running digest of the cell payload per the spec, returning -whether the cell's unpacked digest matched, along with the updated digest -if so. - -:param HASH digest: running digest held with the relay - -:returns: (digest_matches, digest) tuple of object copies updated as follows: - * digest_matches: **bool** indicating whether the digest matches - * digest: updated via digest.update(payload), if the digest matches; -otherwise a copy of the original - -:raises: **ValueError** if payload is the wrong size -""" - -command, recognized, stream_id, digest_from_cell, data_len, data, unused = AlternateRelayCell._unpack_payload(self.payload) - -# running digest is calculated using a zero'd digest field in the payload -prepared_payload = AlternateRelayCell._pack_payload(command, recognized, stream_id, 0, data_len, data, unused, pad_remainder = False) - -if len(prepared_payload) != FIXED_PAYLOAD_LEN: - # this should never fail - # if it did, it indicates a programming error either within stem.client.cell or a consumer - raise ValueError('Payload should be %i bytes, but was %i' % (FIXED_PAYLOAD_LEN, len(prepared_payload))) - -new_digest = digest.copy() -new_digest.update(prepared_payload) - -digest_matches = (AlternateRelayCell._coerce_digest(new_digest) == digest_from_cell) - -# only return the new_digest if the digest check
[tor-commits] [stem/master] Rearrange the digest/key copies to be a bit more spec-compliant
commit 13cc211070c2cf1d0d571461eed688ac1e69a735 Author: Dave Rolek Date: Sat Aug 18 04:26:42 2018 + Rearrange the digest/key copies to be a bit more spec-compliant This arrangement is better, as it better keeps track of the digest/key on a cell-by-cell basis, but it's still not spec-compliant in a number of ways, such as its potential to drop cells or get corrupted backward digest/key state in the case of an exception. That's ok - this is just an interim implementation, and this change is just to make things a bit better for illustrative purposes. --- stem/client/__init__.py | 33 +++-- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 91e8c4ca..8c96b8c2 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -236,20 +236,27 @@ class Circuit(object): with self.relay._orport_lock: orig_forward_digest = self.forward_digest.copy() orig_forward_key = copy.copy(self.forward_key) - orig_backward_digest = self.backward_digest.copy() - orig_backward_key = copy.copy(self.backward_key) try: cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) encrypted_cell, self.forward_digest, self.forward_key = cell.encrypt(self.forward_digest, self.forward_key) -reply_cells = [] self.relay._orport.send(encrypted_cell.pack(self.relay.link_protocol)) -reply = self.relay._orport.recv() + except: +self.forward_digest = orig_forward_digest +self.forward_key = orig_forward_key +raise + + reply = self.relay._orport.recv() + reply_cells = [] -relay_cell_cmd = stem.client.cell.RelayCell.VALUE + relay_cell_cmd = stem.client.cell.RelayCell.VALUE -while reply: + while reply: +orig_backward_digest = self.backward_digest.copy() +orig_backward_key = copy.copy(self.backward_key) + +try: raw_cell, reply = stem.client.cell.Cell.pop(reply, self.relay.link_protocol) if raw_cell.VALUE != relay_cell_cmd: @@ -260,16 +267,14 @@ class Circuit(object): decrypted_cell, fully_decrypted, self.backward_digest, self.backward_key = raw_cell.decrypt(self.backward_digest, self.backward_key, interpret = True) if not fully_decrypted: raise stem.ProtocolError('Response for circuit id %i was not fully decrypted, when expected to be' % self.id) +except: + self.backward_digest = orig_backward_digest + self.backward_key = orig_backward_key + raise - reply_cells.append(decrypted_cell) +reply_cells.append(decrypted_cell) -return reply_cells - except: -self.forward_digest = orig_forward_digest -self.forward_key = orig_forward_key -self.backward_digest = orig_backward_digest -self.backward_key = orig_backward_key -raise + return reply_cells def close(self): with self.relay._orport_lock: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Resume size check for circuit responses
commit 2e51a01c1fa96f24f44b744d37915ef2ffd7762d Author: Damian Johnson Date: Sat Aug 25 12:39:44 2018 -0700 Resume size check for circuit responses Maybe this check is redundant with the cell module additions? Not sure. Regardless, unlike the hamhanded 'relay_cell_size' calculation I did prior to Dave's branch our LinkProtocol's 'fixed_cell_length' now makes this check trivial to do upfront. --- stem/client/__init__.py | 10 +++--- stem/client/datatype.py | 5 - 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 46a82428..a216696a 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -243,16 +243,20 @@ class Circuit(object): self.forward_digest = forward_digest self.forward_key = forward_key + # Decrypt relay cells received in response. Again, our digest/key only + # updates when handled successfully. + reply = self.relay._orport.recv() reply_cells = [] - relay_cell_cmd = stem.client.cell.RelayCell.VALUE + if len(reply) % self.relay.link_protocol.fixed_cell_length != 0: +raise stem.ProtocolError('Circuit response should be a series of RELAY cells, but received an unexpected size for a response: %i' % len(reply)) while reply: raw_cell, reply = stem.client.cell.Cell.pop(reply, self.relay.link_protocol) -if raw_cell.VALUE != relay_cell_cmd: - raise stem.ProtocolError('RELAY cell responses should be %i but was %i' % (relay_cell_cmd, raw_cell.VALUE)) +if raw_cell.VALUE != stem.client.cell.RelayCell.VALUE: + raise stem.ProtocolError('RELAY cell responses should be %i but was %i' % (stem.client.cell.RelayCell.VALUE, raw_cell.VALUE)) elif raw_cell.circ_id != self.id: raise stem.ProtocolError('Response should be for circuit id %i, not %i' % (self.id, raw_cell.circ_id)) diff --git a/stem/client/datatype.py b/stem/client/datatype.py index 43bdfe9d..644d4993 100644 --- a/stem/client/datatype.py +++ b/stem/client/datatype.py @@ -116,6 +116,7 @@ import collections import hashlib import struct +import stem.client.cell import stem.prereq import stem.util import stem.util.connection @@ -246,9 +247,11 @@ class LinkProtocol(int): protocol = int.__new__(cls, version) protocol.version = version protocol.circ_id_size = Size.LONG if version > 3 else Size.SHORT -protocol.fixed_cell_length = 514 if version > 3 else 512 protocol.first_circ_id = 0x8000 if version > 3 else 0x01 +cell_header_size = protocol.circ_id_size.size + 1 # circuit id (2 or 4 bytes) + command (1 byte) +protocol.fixed_cell_length = cell_header_size + stem.client.cell.FIXED_PAYLOAD_LEN + return protocol def __hash__(self): ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Add convenience method for packing payload of a RELAY cell
commit aa3b674ef3c7d22c16c6480937531f38b208a0c1 Author: Dave Rolek Date: Fri Aug 10 19:55:22 2018 + Add convenience method for packing payload of a RELAY cell There may be a bit too much going on here - i.e. these methods may not be anything but a bit redundant - but things will get trimmed down later when the API is better worked out. --- stem/client/cell.py | 13 - 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index 381a7387..39a729f1 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -424,7 +424,7 @@ class RelayCell(CircuitCell): return digest def pack(self, link_protocol): -payload = RelayCell._pack_payload(self.command_int, self.recognized, self.stream_id, self.digest, len(self.data), self.data, self.unused) +payload = self.pack_payload() return RelayCell._pack(link_protocol, payload, unused = b'', circ_id = self.circ_id) @@ -456,6 +456,17 @@ class RelayCell(CircuitCell): return command, recognized, stream_id, digest, data_len, data, unused + def pack_payload(self, **kwargs): +""" +Convenience method for running _pack_payload on self. + +:param bool pad_remaining: (optional, defaults to **True**) pads up to payload size if **True** + +:returns: **bytes** with the packed payload +""" + +return RelayCell._pack_payload(self.command_int, self.recognized, self.stream_id, self.digest, len(self.data), self.data, self.unused, **kwargs) + @staticmethod def _pack_payload(command_int, recognized, stream_id, digest, data_len, data, unused = b'', pad_remainder = True): """ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Add check_digest instance method to BaseRelayCell
commit 69f293222f550978e603906a4b3e34cb371447b0 Author: Dave Rolek Date: Sat Aug 18 02:40:01 2018 + Add check_digest instance method to BaseRelayCell Similar to how apply_digest() is used by a RELAY cell sender, this collects the logic needed for a receiver to confirm that a cell is fully decrypted and that the cell's integrity is intact. This is new functionality. Prior to this change, stem.client had no facility to check the digest of a RELAY cell according to the spec. Not yet used. --- stem/client/cell.py | 38 ++ 1 file changed, 38 insertions(+) diff --git a/stem/client/cell.py b/stem/client/cell.py index 43dc076c..5235331e 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -354,6 +354,44 @@ class BaseRelayCell(CircuitCell): # unlike everywhere else, we actually want to use the subclass type, NOT *this* class return cls(circ_id, content) + def check_digest(self, digest): +""" +Calculates the running digest of the cell payload per the spec, returning +whether the cell's unpacked digest matched, along with the updated digest +if so. + +:param HASH digest: running digest held with the relay + +:returns: (digest_matches, digest) tuple of object copies updated as follows: + * digest_matches: **bool** indicating whether the digest matches + * digest: updated via digest.update(payload), if the digest matches; +otherwise a copy of the original + +:raises: **ValueError** if payload is the wrong size +""" + +command, recognized, stream_id, digest_from_cell, data_len, data, unused = RelayCell._unpack_payload(self.payload) + +# running digest is calculated using a zero'd digest field in the payload +prepared_payload = RelayCell._pack_payload(command, recognized, stream_id, 0, data_len, data, unused, pad_remainder = False) + +if len(prepared_payload) != FIXED_PAYLOAD_LEN: + # this should never fail + # if it did, it indicates a programming error either within stem.client.cell or a consumer + raise ValueError('Payload should be %i bytes, but was %i' % (FIXED_PAYLOAD_LEN, len(prepared_payload))) + +new_digest = digest.copy() +new_digest.update(prepared_payload) + +digest_matches = (RelayCell._coerce_digest(new_digest) == digest_from_cell) + +# only return the new_digest if the digest check passed +# even if not, return a copy of the original +# this allows a consumer to always assume the returned digest is a different object +digest_to_return = new_digest if digest_matches else digest.copy() + +return digest_matches, digest_to_return + def __hash__(self): return stem.util._hash_attr(self, 'circ_id', 'payload', cache = True) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Simplify rollback of key/digest during errors
commit 56f41833173aca0c5e78ca2095935f8a474c6430 Author: Damian Johnson Date: Fri Aug 24 03:49:17 2018 -0700 Simplify rollback of key/digest during errors The reason I asked for our functions to return a new copy of our key/digest is because it lets us simplify this calling code a bit. Rather than explicitly reverting the key/digest we can simply wait to record the new values until cells are successfully sent and received. --- stem/client/__init__.py | 53 ++--- 1 file changed, 24 insertions(+), 29 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 8c96b8c2..0ee8cbf0 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -25,7 +25,6 @@ a wrapper for :class:`~stem.socket.RelaySocket`, much the same way as +- close - closes this circuit """ -import copy import hashlib import threading @@ -234,18 +233,16 @@ class Circuit(object): """ with self.relay._orport_lock: - orig_forward_digest = self.forward_digest.copy() - orig_forward_key = copy.copy(self.forward_key) + cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) + encrypted_cell, new_forward_digest, new_forward_key = cell.encrypt(self.forward_digest, self.forward_key) - try: -cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) -encrypted_cell, self.forward_digest, self.forward_key = cell.encrypt(self.forward_digest, self.forward_key) + self.relay._orport.send(encrypted_cell.pack(self.relay.link_protocol)) -self.relay._orport.send(encrypted_cell.pack(self.relay.link_protocol)) - except: -self.forward_digest = orig_forward_digest -self.forward_key = orig_forward_key -raise + # Only recoding our new digest/key if the cell's successfully sent. If + # the above raises we should leave them alone. + + self.forward_digest = new_forward_digest + self.forward_key = new_forward_key reply = self.relay._orport.recv() reply_cells = [] @@ -253,24 +250,22 @@ class Circuit(object): relay_cell_cmd = stem.client.cell.RelayCell.VALUE while reply: -orig_backward_digest = self.backward_digest.copy() -orig_backward_key = copy.copy(self.backward_key) - -try: - raw_cell, reply = stem.client.cell.Cell.pop(reply, self.relay.link_protocol) - - if raw_cell.VALUE != relay_cell_cmd: -raise stem.ProtocolError('RELAY cell responses should be %i but was %i' % (relay_cell_cmd, raw_cell.VALUE)) - elif raw_cell.circ_id != self.id: -raise stem.ProtocolError('Response should be for circuit id %i, not %i' % (self.id, raw_cell.circ_id)) - - decrypted_cell, fully_decrypted, self.backward_digest, self.backward_key = raw_cell.decrypt(self.backward_digest, self.backward_key, interpret = True) - if not fully_decrypted: -raise stem.ProtocolError('Response for circuit id %i was not fully decrypted, when expected to be' % self.id) -except: - self.backward_digest = orig_backward_digest - self.backward_key = orig_backward_key - raise +raw_cell, reply = stem.client.cell.Cell.pop(reply, self.relay.link_protocol) + +if raw_cell.VALUE != relay_cell_cmd: + raise stem.ProtocolError('RELAY cell responses should be %i but was %i' % (relay_cell_cmd, raw_cell.VALUE)) +elif raw_cell.circ_id != self.id: + raise stem.ProtocolError('Response should be for circuit id %i, not %i' % (self.id, raw_cell.circ_id)) + +decrypted_cell, fully_decrypted, new_backward_digest, new_backward_key = raw_cell.decrypt(self.backward_digest, self.backward_key, interpret = True) + +if not fully_decrypted: + raise stem.ProtocolError('Response for circuit id %i was not fully decrypted, when expected to be' % self.id) + +# Again, if the above raises the digest/key should remain unchanged. + +self.backward_digest = new_backward_digest +self.backward_key = new_backward_key reply_cells.append(decrypted_cell) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Revert cell module hierarchy docs
commit 347120a44614437f8e1642dc81676760f877c8be Author: Damian Johnson Date: Sat Aug 25 13:45:47 2018 -0700 Revert cell module hierarchy docs Dropping BaseRelayCell and RawRelayCell from the hierarchy (reintegrating 'em into the RelayCell). Due to the whitespace changes this occupies a sizable chunk of the merge diff. --- stem/client/cell.py | 39 ++- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index 3de1c731..aec868c4 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -12,27 +12,25 @@ Messages communicated over a Tor relay's ORPort. Cell - Base class for ORPort messages. |- CircuitCell - Circuit management. -| |- CreateCell - Create a circuit. (section 5.1) -| |- CreatedCell - Acknowledge create. (section 5.1) -| |- BaseRelayCell - End-to-end data; abstract. (section 6.1) -| | +- RawRelayCell - End-to-end data. Payload not unpacked. (section 5.5.2.1, 5.5.3) -| |- RelayCell - End-to-end data. (section 6.1) -| |- DestroyCell - Stop using a circuit. (section 5.4) -| |- CreateFastCell - Create a circuit, no PK. (section 5.1) -| |- CreatedFastCell - Circuit created, no PK. (section 5.1) -| |- RelayEarlyCell - End-to-end data; limited. (section 5.6) -| |- Create2Cell - Extended CREATE cell. (section 5.1) -| +- Created2Cell - Extended CREATED cell. (section 5.1) +| |- CreateCell - Create a circuit. (section 5.1) +| |- CreatedCell - Acknowledge create. (section 5.1) +| |- RelayCell - End-to-end data.(section 6.1) +| |- DestroyCell - Stop using a circuit. (section 5.4) +| |- CreateFastCell - Create a circuit, no PK. (section 5.1) +| |- CreatedFastCell - Circuit created, no PK. (section 5.1) +| |- RelayEarlyCell - End-to-end data; limited. (section 5.6) +| |- Create2Cell - Extended CREATE cell. (section 5.1) +| +- Created2Cell - Extended CREATED cell. (section 5.1) | -|- PaddingCell - Padding negotiation. (section 7.2) -|- VersionsCell - Negotiate proto version. (section 4) -|- NetinfoCell - Time and address info. (section 4.5) -|- PaddingNegotiateCell - Padding negotiation. (section 7.2) -|- VPaddingCell - Variable-length padding. (section 7.2) -|- CertsCell - Relay certificates. (section 4.2) -|- AuthChallengeCell - Challenge value. (section 4.3) -|- AuthenticateCell - Client authentication. (section 4.5) -|- AuthorizeCell - Client authorization. (not yet used) +|- PaddingCell - Padding negotiation. (section 7.2) +|- VersionsCell - Negotiate proto version.(section 4) +|- NetinfoCell - Time and address info. (section 4.5) +|- PaddingNegotiateCell - Padding negotiation.(section 7.2) +|- VPaddingCell - Variable-length padding.(section 7.2) +|- CertsCell - Relay certificates.(section 4.2) +|- AuthChallengeCell - Challenge value. (section 4.3) +|- AuthenticateCell - Client authentication. (section 4.5) +|- AuthorizeCell - Client authorization. (not yet used) | |- pack - encodes cell into bytes |- unpack - decodes series of cells @@ -86,7 +84,6 @@ class Cell(object): The following cell types explicitly don't have *unused* content: * PaddingCell (we consider all content part of payload) * VersionsCell (all content is unpacked and treated as a version specification) -* BaseRelayCell (we don't parse cell beyond header/body) * VPaddingCell (we consider all content part of payload) :var bytes unused: unused filler that padded the cell to the expected size ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Stub minimal cell decryption function
commit 52edd22ca10d559270ee240409447351bd8639f8 Author: Damian Johnson Date: Sat Aug 25 13:32:07 2018 -0700 Stub minimal cell decryption function Ok, now into the meat of this sucker. Dave's branch introduces nice additions such as validating our backward digest and a flag to indicate if we've fully decrypted the cell or not. For the moment moving to a minimal decryption function that only supports what we did previously. Next gonna try to integrate his new features to make a hybrid approach that hopefully takes the best of both. --- stem/client/__init__.py | 22 +++--- stem/client/cell.py | 30 ++ 2 files changed, 37 insertions(+), 15 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index a216696a..19528d67 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -33,7 +33,7 @@ import stem.client.cell import stem.socket import stem.util.connection -from stem.client.datatype import ZERO, LinkProtocol, Address, KDF +from stem.client.datatype import ZERO, LinkProtocol, Address, KDF, split __all__ = [ 'cell', @@ -253,22 +253,14 @@ class Circuit(object): raise stem.ProtocolError('Circuit response should be a series of RELAY cells, but received an unexpected size for a response: %i' % len(reply)) while reply: -raw_cell, reply = stem.client.cell.Cell.pop(reply, self.relay.link_protocol) +encrypted_cell, reply = split(reply, self.relay.link_protocol.fixed_cell_length) +decrypted_cell, backward_key, backward_digest = stem.client.cell.RelayCell.decrypt(encrypted_cell, self.backward_key, self.backward_digest) -if raw_cell.VALUE != stem.client.cell.RelayCell.VALUE: - raise stem.ProtocolError('RELAY cell responses should be %i but was %i' % (stem.client.cell.RelayCell.VALUE, raw_cell.VALUE)) -elif raw_cell.circ_id != self.id: - raise stem.ProtocolError('Response should be for circuit id %i, not %i' % (self.id, raw_cell.circ_id)) +if self.id != decrypted_cell.circ_id: + raise stem.ProtocolError('Response should be for circuit id %i, not %i' % (self.id, decrypted_cell.circ_id)) -decrypted_cell, fully_decrypted, new_backward_digest, new_backward_key = raw_cell.decrypt(self.backward_digest, self.backward_key, interpret = True) - -if not fully_decrypted: - raise stem.ProtocolError('Response for circuit id %i was not fully decrypted, when expected to be' % self.id) - -# Again, if the above raises the digest/key should remain unchanged. - -self.backward_digest = new_backward_digest -self.backward_key = new_backward_key +self.backward_digest = backward_digest +self.backward_key = backward_key reply_cells.append(decrypted_cell) diff --git a/stem/client/cell.py b/stem/client/cell.py index 6587ebb5..3de1c731 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -551,6 +551,36 @@ class RelayCell(CircuitCell): elif stream_id and self.command in STREAM_ID_DISALLOWED: raise ValueError('%s relay cells concern the circuit itself and cannot have a stream id' % self.command) + @classmethod + def decrypt(link_protocol, content, digest, key): +""" +Parse the given content as an encrypted RELAY cell. +""" + +# TODO: Fill in the above pydocs, deduplicate with the other decrypt +# method, yadda yadda. Starting with a minimal stub to see if this makes +# the Circuit class better. I'll circle back to clean up this module if it +# works. + +if len(content) != link_protocol.fixed_cell_length: + raise stem.ProtocolError('RELAY cells should be %i bytes, but received %i' % (link_protocol.fixed_cell_length, len(content))) + +circ_id, content = link_protocol.circ_id_size.pop(content) +command, payload = Size.CHAR.pop(content) + +if command != RelayCell.VALUE: + raise stem.ProtocolError('Cannot decrypt as a RELAY cell. This had command %i instead.' % command) + +key = copy.copy(key) +decrypted = key.update(payload) + +# TODO: Integrate with check_digest() and flag for integrating if we're +# fully decrypted. For the moment we only handle direct responses (ie. all +# the cells we receive can be fully decrypted) but if we attempt to support +# relaying we'll need to pass along cells we can only partially decrypt. + +return RelayCell._unpack(decrypted, circ_id, link_protocol), key, digest + @staticmethod def _coerce_digest(digest): """ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Now use the decrypt method in our Circuit class
commit eaa871fa08b3920baa9d24b3338c7c4b6973ee40 Author: Dave Rolek Date: Sat Aug 18 04:12:35 2018 + Now use the decrypt method in our Circuit class This also now actually checks the 'recognized' field and digest, unlike before. Keep in mind that this implementation is really meant for illustrative purposes, in the interim. (There are some limitations to it.) --- stem/client/__init__.py | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index a228bebc..33ac0d8d 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -255,8 +255,11 @@ class Circuit(object): elif raw_cell.circ_id != self.id: raise stem.ProtocolError('Response should be for circuit id %i, not %i' % (self.id, raw_cell.circ_id)) - decrypted_payload = self.backward_key.update(raw_cell.payload) - reply_cells.append(stem.client.cell.RelayCell._unpack(decrypted_payload, self.id, self.relay.link_protocol)) + decrypted_cell, fully_decrypted, self.backward_digest, self.backward_key = raw_cell.decrypt(self.backward_digest, self.backward_key, interpret = True) + if not fully_decrypted: +raise stem.ProtocolError('Response for circuit id %i was not fully decrypted, when expected to be' % self.id) + + reply_cells.append(decrypted_cell) return reply_cells except: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Add decrypt instance method to BaseRelayCell
commit 5baa2e37728ab50a5132d81225070e097e6bd058 Author: Dave Rolek Date: Sat Aug 18 03:58:13 2018 + Add decrypt instance method to BaseRelayCell Akin to encrypt(), this takes care of decryption and all the ancillary functionality related to it. It composes the functionality of the building blocks added in previous changes, namely: * check_recognized_field() * check_digest() * interpret_cell() - but not automatically done by default A consumer of this, especially in a multi-hop circuit, will only need to manage the digest/decryptor state (in the case of a cell that cannot be decrypted+recognized... fallback) and pay attention to the 'fully_decrypted' result. This should make a consumer's implementation pretty readable, something like: # relay_1 := nearest relay in circuit decryption_states = [ (relay_1, digest_1, decryptor_1), (relay_2, digest_2, decryptor_2), (relay_3, digest_3, decryptor_3), ] new_decryption_states = copy.deepcopy(decryption_states) from_relay = None for i in range(len(new_decryption_states)): relay, digest, decryptor = new_decryption_states[i] cell, fully_decrypted, digest, decryptor = cell.decrypt(digest, decryptor) new_decryption_states[i] = (relay, digest, decryptor) if fully_decrypted: from_relay = relay break if from_relay: decryption_states = new_decryption_states else: # handle this, since the cell couldn't be decrypted # probably raise Something() pass cell_and_hop = (cell, from_relay) # naming things is hard # do something with the decrypted cell # ^ probably feeding it into the queue/handler for the (circuit_id, relay, stream_id) --- stem/client/cell.py | 65 + 1 file changed, 65 insertions(+) diff --git a/stem/client/cell.py b/stem/client/cell.py index a96b2f7b..48dbcf36 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -443,6 +443,71 @@ class BaseRelayCell(CircuitCell): return new_cell + def decrypt(self, digest, decryptor, interpret = False): +""" +Decrypts a cell and checks whether it is fully decrypted, +returning a new (Cell, fully_decrypted, digest, decryptor) tuple. +Optionally also interprets the cell (not generally recommended). + +The method name is technically a misnomer, as it also checks whether the +cell has been fully decrypted (after decrypting), updating the digest if so. +However, these operations are defined per the spec as required for RELAY +cells, and ... + (1) it is a natural mental extension to include them here; + (2) it would be a bit pointless to require method consumers to manually + do all of that, for pedantry. + +:param HASH digest: running digest held with the relay +:param cryptography.hazmat.primitives.ciphers.CipherContext decryptor: + running stream cipher decryptor held with the relay + +:param bool interpret: (optional, defaults to **False**) Use **True** with + caution. The spec indicates that a fully decrypted cell should be + accounted for in digest and decryptor, independent of cell validity. Using + **True**, while convenient, may cause an exception for a NYI relay + command, a malformed cell, or some other reason. This option should only + be used when the consumer will consider the circuit to have a fatal error + in such cases, and catches/handles the exception accordingly (e.g. sending + a DestroyCell). + +:returns: (:class:`~stem.client.cell.Cell`, bool, HASH, CipherContext) tuple + of object copies updated as follows: +* Cell: either :class:`~stem.client.cell.RawRelayCell` with a decrypted + payload or :class:`~stem.client.cell.RelayCell` class or subclass, if + **interpret** is **True** and the cell was fully decrypted +* fully_decrypted: **bool** indicating whether the cell is fully + decrypted +* digest: updated via digest.update(payload), if the cell was fully + decrypted; otherwise a copy of the original +* decryptor: updated via decryptor.update(payload) +""" + +new_decryptor = copy.copy(decryptor) + +# actually decrypt +decrypted_payload = new_decryptor.update(self.payload) +new_cell = self.__class__(self.circ_id, decrypted_payload) + +# do post-decryption checks to ascertain whether cell is fully decrypted +if new_cell.check_recognized_field(): + digest_matches, new_digest = new_cell.check_digest(digest) + fully_decrypted = digest_matches +else: + new_digest = None + fully_decrypted = False + +# only return the new_digest if the digest check meant that the cell has been fully decrypted +# +#
[tor-commits] [stem/master] Fork new and old RelayCell implementations
commit 04c2c9f0e33055dd40c9117314287077c9c22aee Author: Damian Johnson Date: Sat Aug 25 14:16:35 2018 -0700 Fork new and old RelayCell implementations Dave's branch makes quite a few RelayCell modifications in support of its new BaseRelayCell class. That class is no longer used by the new Circuit send method, but there's quite a few things we want to integrate from it. Making a total mess, but for the moment placing side-by-side copies of both our new and old RelayCell class in this module. AlternateRelayCell is Dave's version, and RelayCell is what we had previously (plus the decrypt stub from earlier). This does *not* presently work, as the old RelayCell class lack the encrypt() and decrypt() methods the Circuit class now excepts. Doing this so we have a clean starting point to see how we integrate. --- stem/client/cell.py | 84 +--- test/unit/client/cell.py | 3 +- 2 files changed, 82 insertions(+), 5 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index aec868c4..3f247af4 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -364,7 +364,7 @@ class BaseRelayCell(CircuitCell): :func:`~stem.client.cell.BaseRelayCell.check_digest` """ -_, recognized_from_cell, _, _, _, _, _ = RelayCell._unpack_payload(self.payload) +_, recognized_from_cell, _, _, _, _, _ = AlternateRelayCell._unpack_payload(self.payload) return recognized_from_cell == 0 def check_digest(self, digest): @@ -383,10 +383,10 @@ class BaseRelayCell(CircuitCell): :raises: **ValueError** if payload is the wrong size """ -command, recognized, stream_id, digest_from_cell, data_len, data, unused = RelayCell._unpack_payload(self.payload) +command, recognized, stream_id, digest_from_cell, data_len, data, unused = AlternateRelayCell._unpack_payload(self.payload) # running digest is calculated using a zero'd digest field in the payload -prepared_payload = RelayCell._pack_payload(command, recognized, stream_id, 0, data_len, data, unused, pad_remainder = False) +prepared_payload = AlternateRelayCell._pack_payload(command, recognized, stream_id, 0, data_len, data, unused, pad_remainder = False) if len(prepared_payload) != FIXED_PAYLOAD_LEN: # this should never fail @@ -396,7 +396,7 @@ class BaseRelayCell(CircuitCell): new_digest = digest.copy() new_digest.update(prepared_payload) -digest_matches = (RelayCell._coerce_digest(new_digest) == digest_from_cell) +digest_matches = (AlternateRelayCell._coerce_digest(new_digest) == digest_from_cell) # only return the new_digest if the digest check passed # even if not, return a copy of the original @@ -518,6 +518,82 @@ class RelayCell(CircuitCell): """ Command concerning a relay circuit. + :var stem.client.RelayCommand command: command to be issued + :var int command_int: integer value of our command + :var bytes data: payload of the cell + :var int recognized: zero if cell is decrypted, non-zero otherwise + :var int digest: running digest held with the relay + :var int stream_id: specific stream this concerns + """ + + NAME = 'RELAY' + VALUE = 3 + IS_FIXED_SIZE = True + + def __init__(self, circ_id, command, data, digest = 0, stream_id = 0, recognized = 0, unused = b''): +if 'HASH' in str(type(digest)): + # Unfortunately hashlib generates from a dynamic private class so + # isinstance() isn't such a great option. With python2/python3 the + # name is 'hashlib.HASH' whereas PyPy calls it just 'HASH'. + + digest_packed = digest.digest()[:RELAY_DIGEST_SIZE.size] + digest = RELAY_DIGEST_SIZE.unpack(digest_packed) +elif stem.util._is_str(digest): + digest_packed = digest[:RELAY_DIGEST_SIZE.size] + digest = RELAY_DIGEST_SIZE.unpack(digest_packed) +elif stem.util._is_int(digest): + pass +else: + raise ValueError('RELAY cell digest must be a hash, string, or int but was a %s' % type(digest).__name__) + +super(RelayCell, self).__init__(circ_id, unused) +self.command, self.command_int = RelayCommand.get(command) +self.recognized = recognized +self.stream_id = stream_id +self.digest = digest +self.data = str_tools._to_bytes(data) + +if digest == 0: + if not stream_id and self.command in STREAM_ID_REQUIRED: +raise ValueError('%s relay cells require a stream id' % self.command) + elif stream_id and self.command in STREAM_ID_DISALLOWED: +raise ValueError('%s relay cells concern the circuit itself and cannot have a stream id' % self.command) + + def pack(self, link_protocol): +payload = bytearray() +payload += Size.CHAR.pack(self.command_int) +payload += Size.SHORT.pack(self.recognized) +payload += Size.SHORT.pack(self.stream_id) +payload += Size.LONG.pack(self.digest) +payload +=
[tor-commits] [stem/master] Combine relay cell encrypting and packing
commit 486a8d2e5c4724146d6647b7f69ffbd10adbfc1d Author: Damian Johnson Date: Sat Aug 25 11:38:41 2018 -0700 Combine relay cell encrypting and packing Cells are only ever encrypted to be sent. I'm not seeing a purpose in having an intermediate step here. Our Circuit's send() method is simpler if the encrypt() method provides us the payload to be sent rather than an intermediate class. Are there any use cases where we want an 'encrypted cell' object? We can't do anything with it besides send it (if we made it) or decrypt it (if sent to us). Possible though I'm missing something. Presently I'm only looking at our Circuit's send() method. Our RelayCell's usage informs the API it should have, so I'm not worrying about the cell module until that's settled. --- stem/client/__init__.py | 15 +++ stem/client/cell.py | 10 +- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 0ee8cbf0..46a82428 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -233,16 +233,15 @@ class Circuit(object): """ with self.relay._orport_lock: - cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) - encrypted_cell, new_forward_digest, new_forward_key = cell.encrypt(self.forward_digest, self.forward_key) - - self.relay._orport.send(encrypted_cell.pack(self.relay.link_protocol)) + # Encrypt and send the cell. Our digest/key only updates if the cell is + # successfully sent. - # Only recoding our new digest/key if the cell's successfully sent. If - # the above raises we should leave them alone. + cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) + payload, forward_digest, forward_key = cell.encrypt(self.relay.link_protocol, self.forward_digest, self.forward_key) + self.relay._orport.send(payload) - self.forward_digest = new_forward_digest - self.forward_key = new_forward_key + self.forward_digest = forward_digest + self.forward_key = forward_key reply = self.relay._orport.recv() reply_cells = [] diff --git a/stem/client/cell.py b/stem/client/cell.py index 48dbcf36..6587ebb5 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -654,7 +654,7 @@ class RelayCell(CircuitCell): return new_cell, new_digest - def encrypt(self, digest, encryptor, **kwargs): + def encrypt(self, link_protocol, digest, encryptor, **kwargs): """ Preps a cell payload, including calculating digest, and encrypts it, returning a new (RawRelayCell, digest, encryptor) tuple. @@ -666,6 +666,7 @@ class RelayCell(CircuitCell): (2) it would be a bit pointless to require method consumers to manually call both, for pedantry. +:param int link_protocol: link protocol version :param HASH digest: running digest held with the relay :param cryptography.hazmat.primitives.ciphers.CipherContext encryptor: running stream cipher encryptor held with the relay @@ -673,10 +674,9 @@ class RelayCell(CircuitCell): :param bool prep_cell: (optional, defaults to **True**) refer to :func:`~stem.client.cell.RelayCell.apply_digest` -:returns: (:class:`~stem.client.cell.RawRelayCell`, HASH, CipherContext) +:returns: (bytes, HASH, CipherContext) tuple of object copies updated as follows: -* RawRelayCell: updated as specified in - :func:`~stem.client.cell.RelayCell.apply_digest`, then encrypted +* bytes: encrypted cell payload * digest: updated via digest.update(payload) * encryptor: updated via encryptor.update(payload_with_digest) """ @@ -686,7 +686,7 @@ class RelayCell(CircuitCell): encrypted_payload = new_encryptor.update(unencrypted_cell.pack_payload()) encrypted_cell = RawRelayCell(unencrypted_cell.circ_id, encrypted_payload) -return encrypted_cell, new_digest, new_encryptor +return encrypted_cell.pack(link_protocol), new_digest, new_encryptor def pack_payload(self, **kwargs): """ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Drop unsigned from Size class
commit 575f1b6685f6b8be3b3801ff662a4d6d89db43c4 Author: Damian Johnson Date: Thu Aug 16 10:33:47 2018 -0700 Drop unsigned from Size class Actually, it's already in our pydoc that these are all unsigned. Maybe we'll add a flag like this in the future if that changes but presently it doesn't provide any value. That said, I *do* like the idea of providing a better error message. Keeping that, and improving our performance a bit by only performing these checks if packing fails (this class is heavily used in IO so making this a tad extra performant is useful). --- stem/client/datatype.py | 16 +--- test/unit/client/size.py| 9 + test/unit/control/controller.py | 1 - 3 files changed, 10 insertions(+), 16 deletions(-) diff --git a/stem/client/datatype.py b/stem/client/datatype.py index 1c7aec77..43bdfe9d 100644 --- a/stem/client/datatype.py +++ b/stem/client/datatype.py @@ -349,19 +349,21 @@ class Size(Field): self.name = name self.size = size self.format = pack_format -self.unsigned = pack_format.isupper() @staticmethod def pop(packed): raise NotImplementedError("Use our constant's unpack() and pop() instead") def pack(self, content): -if not stem.util._is_int(content): - raise ValueError('Size.pack encodes an integer, but was a %s' % type(content).__name__) -if content < 0 and self.unsigned: - raise ValueError('A %s field cannot pack negative values, but %i was tried' % (self.name, content)) - -packed = struct.pack(self.format, content) +try: + packed = struct.pack(self.format, content) +except struct.error: + if not stem.util._is_int(content): +raise ValueError('Size.pack encodes an integer, but was a %s' % type(content).__name__) + elif content < 0: +raise ValueError('Packed values must be positive (attempted to pack %i as a %s)' % (content, self.name)) + else: +raise # some other struct exception if self.size != len(packed): raise ValueError('%s is the wrong size for a %s field' % (repr(packed), self.name)) diff --git a/test/unit/client/size.py b/test/unit/client/size.py index 3d7d796f..733db0f4 100644 --- a/test/unit/client/size.py +++ b/test/unit/client/size.py @@ -7,22 +7,17 @@ import unittest from stem.client.datatype import Size -SIGNED_CHAR = Size('SIGNED_CHAR', 1, '!b') - class TestSize(unittest.TestCase): def test_attributes(self): self.assertEqual('CHAR', Size.CHAR.name) self.assertEqual('!B', Size.CHAR.format) -self.assertEqual(True, Size.CHAR.unsigned) self.assertEqual(1, Size.CHAR.size) self.assertEqual(2, Size.SHORT.size) self.assertEqual(4, Size.LONG.size) self.assertEqual(8, Size.LONG_LONG.size) -self.assertEqual(False, SIGNED_CHAR.unsigned) - def test_pack(self): self.assertEqual(b'\x12', Size.CHAR.pack(18)) self.assertEqual(b'\x00\x12', Size.SHORT.pack(18)) @@ -31,13 +26,11 @@ class TestSize(unittest.TestCase): self.assertRaisesWith(ValueError, 'Size.pack encodes an integer, but was a str', Size.CHAR.pack, 'hi') -self.assertRaisesWith(ValueError, 'A CHAR field cannot pack negative values, but -1 was tried', Size.CHAR.pack, -1) +self.assertRaisesWith(ValueError, 'Packed values must be positive (attempted to pack -1 as a CHAR)', Size.CHAR.pack, -1) bad_size = Size('BAD_SIZE', 1, '!H') self.assertRaisesRegexp(ValueError, re.escape("'\\x00\\x12' is the wrong size for a BAD_SIZE field"), bad_size.pack, 18) -self.assertEqual(b'\xFF', SIGNED_CHAR.pack(-1)) - def test_unpack(self): self.assertEqual(18, Size.CHAR.unpack(b'\x12')) self.assertEqual(18, Size.SHORT.unpack(b'\x00\x12')) diff --git a/test/unit/control/controller.py b/test/unit/control/controller.py index 7ee2ab70..ba55208a 100644 --- a/test/unit/control/controller.py +++ b/test/unit/control/controller.py @@ -5,7 +5,6 @@ integ tests, but a few bits lend themselves to unit testing. import datetime import io -import time import unittest import stem.descriptor.router_status_entry ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Actually make copies of the backward digest/key, too
commit 03c115dba10de3aca5374ea61893189e5c8b46a1 Author: Dave Rolek Date: Sat Aug 18 04:14:43 2018 + Actually make copies of the backward digest/key, too And rename the other 'orig_' vars to 'orig_forward_' vars, for clarity. --- stem/client/__init__.py | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 33ac0d8d..91e8c4ca 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -234,8 +234,10 @@ class Circuit(object): """ with self.relay._orport_lock: - orig_digest = self.forward_digest.copy() - orig_key = copy.copy(self.forward_key) + orig_forward_digest = self.forward_digest.copy() + orig_forward_key = copy.copy(self.forward_key) + orig_backward_digest = self.backward_digest.copy() + orig_backward_key = copy.copy(self.backward_key) try: cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) @@ -263,8 +265,10 @@ class Circuit(object): return reply_cells except: -self.forward_digest = orig_digest -self.forward_key = orig_key +self.forward_digest = orig_forward_digest +self.forward_key = orig_forward_key +self.backward_digest = orig_backward_digest +self.backward_key = orig_backward_key raise def close(self): ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Further explain our RelayCell's 'recognized' field
commit 1adde73d6cd05c253346abdaad199b9337cefc68 Author: Damian Johnson Date: Sat Aug 25 14:28:54 2018 -0700 Further explain our RelayCell's 'recognized' field Few months back this field throughly confused me so I asked Roger about it. Passing on the helpful explanation I got from him. --- stem/client/cell.py | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index 3f247af4..b40a30e1 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -518,10 +518,16 @@ class RelayCell(CircuitCell): """ Command concerning a relay circuit. + Our 'recognized' attribute provides a cheap (but incomplete) check for if our + cell payload is encrypted. If non-zero our payload *IS* encrypted, but if + zero we're *PROBABLY* fully decrypted. This uncertainty is because encrypted + cells have a small chance of coincidently producing zero for this value as + well. + :var stem.client.RelayCommand command: command to be issued :var int command_int: integer value of our command :var bytes data: payload of the cell - :var int recognized: zero if cell is decrypted, non-zero otherwise + :var int recognized: non-zero if payload is encrypted :var int digest: running digest held with the relay :var int stream_id: specific stream this concerns """ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Add check_recognized_field instance method to BaseRelayCell
commit f82d839704788a063135a2b32f7657b2f9167fda Author: Dave Rolek Date: Sun Aug 19 03:48:05 2018 + Add check_recognized_field instance method to BaseRelayCell This is new functionality. (Nothing in stem.client currently attempts to check the 'recognized' field.) Not yet used. This is arguably a very inefficient method, and it might even obscure its purpose by existing (it's extremely simple), but it seemed better to break it out and deal with the foreseeable performance hit than to trend towards premature optimization. (It also is a bit counterintuitive for a value of 0 to mean True, so breaking this out makes that clearer.) There are many ways this could be optimized, and - especially since so much of this unit is still in flux - it doesn't make sense yet to do so. --- stem/client/cell.py | 16 1 file changed, 16 insertions(+) diff --git a/stem/client/cell.py b/stem/client/cell.py index 5235331e..250d400a 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -354,6 +354,22 @@ class BaseRelayCell(CircuitCell): # unlike everywhere else, we actually want to use the subclass type, NOT *this* class return cls(circ_id, content) + def check_recognized_field(self): +""" +Checks the 'recognized' field of the cell payload, which indicates whether +it is **probably** fully decrypted. + +:returns: **bool** indicating whether the 'recognized' field indicates + likely decryption. Per the spec: +* **False** guarantees the cell *not* to be fully decrypted. +* **True** does *not* guarantee the cell to be fully decrypted, and it + must be checked further. See also + :func:`~stem.client.cell.BaseRelayCell.check_digest` +""" + +_, recognized_from_cell, _, _, _, _, _ = RelayCell._unpack_payload(self.payload) +return recognized_from_cell == 0 + def check_digest(self, digest): """ Calculates the running digest of the cell payload per the spec, returning ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Refactor apply_digest to remove side effects
commit 1a151d445832df3fdecdb99aa1ecbbe0fee14563 Author: Dave Rolek Date: Wed Aug 15 03:28:03 2018 + Refactor apply_digest to remove side effects Per discussion with Damian over IRC, instances of our Cell classes are intended to be immutable objects. So instead of modifying the RelayCell and having an additional side effect on the digest, this provides a modified copy of each, in a tuple. That makes apply_digest() a pure function, currently with referential transparency (i.e. also deterministic). In the future, it may utilize randomness for cell padding, which would make it non-deterministic. Overall this now more generally follows a functional-programming paradigm. --- stem/client/__init__.py | 4 ++-- stem/client/cell.py | 33 + 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 74b6d2bf..b64956ff 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -239,8 +239,8 @@ class Circuit(object): try: cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) -cell.apply_digest(self.forward_digest) -payload_with_digest = cell.pack_payload() +cell_with_digest, self.forward_digest = cell.apply_digest(self.forward_digest) +payload_with_digest = cell_with_digest.pack_payload() encrypted_payload = self.forward_key.update(payload_with_digest) encrypted_cell = stem.client.cell.RawRelayCell(self.id, encrypted_payload) diff --git a/stem/client/cell.py b/stem/client/cell.py index c1751ed6..fec8bb1b 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -458,7 +458,7 @@ class RelayCell(CircuitCell): def apply_digest(self, digest, prep_cell = True): """ -Calculates, updates, and applies the digest to the cell payload. +Calculates, updates, and applies the digest to the cell payload, returning a new (cell, digest) tuple. :param HASH digest: running digest held with the relay :param bool prep_cell: preps the cell payload according to the spec, if **True** (default) @@ -468,22 +468,31 @@ class RelayCell(CircuitCell): and any 'unused' padding will be taken as-is. Use with caution. -:sideeffect digest: this object will be updated via digest.update(payload) -:sideeffect self.recognized: this will be set to 0, if prep_cell is **True** -:sideeffect self.digest: this will be updated with the calculated digest -:sideeffect self.unused: this will be treated as padding and overwritten, if prep_cell is **True** +:returns: (:class:`~stem.client.cell.RelayCell`, HASH) tuple updated as follows: + digest: updated via digest.update(payload) + RelayCell: a copy of self, with the following updates: + RelayCell.recognized: set to 0, if prep_cell is **True** + RelayCell.digest: updated with the calculated digest + RelayCell.unused: treated as padding and overwritten, if prep_cell is **True** """ if prep_cell: - self.recognized = 0 - self.digest = 0 - self.unused = b'' + new_cell_recognized = 0 + new_cell_digest = 0 + new_cell_unused = b'' +else: + new_cell_recognized = self.recognized + new_cell_digest = self.digest + new_cell_unused = self.unused + +new_digest = digest.copy() +new_cell = RelayCell(self.circ_id, self.command, self.data, digest = new_cell_digest, stream_id = self.stream_id, recognized = new_cell_recognized, unused = new_cell_unused) -payload_without_updated_digest = self.pack_payload() -digest.update(payload_without_updated_digest) -self.digest = RelayCell._coerce_digest(digest) +payload_without_updated_digest = new_cell.pack_payload() +new_digest.update(payload_without_updated_digest) +new_cell.digest = RelayCell._coerce_digest(new_digest) -return +return new_cell, new_digest def pack_payload(self, **kwargs): """ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Update stem.client.cell docstrings for style, consistency, and clarity
commit 1163efbefe66b10315197d375e3bdf392e8b18fb Author: Dave Rolek Date: Fri Aug 17 20:51:00 2018 + Update stem.client.cell docstrings for style, consistency, and clarity Much of the updates here is to reduce the line length. --- stem/client/cell.py | 42 +- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index fec8bb1b..d1265c10 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -369,7 +369,8 @@ class RelayCell(CircuitCell): :var stem.client.datatype.RelayCommand command: command to be issued :var int command_int: integer value of our command :var bytes data: payload of the cell - :var int recognized: zero if cell is decrypted, otherwise mostly non-zero (can rarely be zero) + :var int recognized: zero if cell is decrypted, otherwise mostly non-zero +(can rarely be zero) :var int digest: running digest held with the relay :var int stream_id: specific stream this concerns """ @@ -458,22 +459,26 @@ class RelayCell(CircuitCell): def apply_digest(self, digest, prep_cell = True): """ -Calculates, updates, and applies the digest to the cell payload, returning a new (cell, digest) tuple. +Calculates, updates, and applies the digest to the cell payload, +returning a new (cell, digest) tuple. :param HASH digest: running digest held with the relay -:param bool prep_cell: preps the cell payload according to the spec, if **True** (default) +:param bool prep_cell: preps the cell payload according to the spec, if + **True** (default) if **False**, the digest will be calculated as-is, namely: -the 'recognized' field will not be set to 0, -the digest field will not be set to 0, -and any 'unused' padding will be taken as-is. - Use with caution. - -:returns: (:class:`~stem.client.cell.RelayCell`, HASH) tuple updated as follows: - digest: updated via digest.update(payload) - RelayCell: a copy of self, with the following updates: - RelayCell.recognized: set to 0, if prep_cell is **True** - RelayCell.digest: updated with the calculated digest - RelayCell.unused: treated as padding and overwritten, if prep_cell is **True** +* the 'recognized' field will not be set to 0, +* the digest field will not be set to 0, +* and any 'unused' padding will be taken as-is. + Use **False** with caution. + +:returns: (:class:`~stem.client.cell.RelayCell`, HASH) tuple of object + copies updated as follows: +* digest: updated via digest.update(payload) +* RelayCell: a copy of self, with the following updates: + * RelayCell.recognized: set to 0, if prep_cell is **True** + * RelayCell.digest: updated with the calculated digest + * RelayCell.unused: treated as padding and overwritten, if prep_cell +is **True** """ if prep_cell: @@ -496,9 +501,11 @@ class RelayCell(CircuitCell): def pack_payload(self, **kwargs): """ -Convenience method for running _pack_payload on self. +Convenience method for running +:func:`~stem.client.cell.RelayCell._pack_payload` on self. -:param bool pad_remaining: (optional, defaults to **True**) pads up to payload size if **True** +:param bool pad_remaining: (optional, defaults to **True**) pads up to + payload size if **True** :returns: **bytes** with the packed payload """ @@ -511,7 +518,8 @@ class RelayCell(CircuitCell): Directly pack the payload without any validation beyond Size constraints. :param int command_int: integer value of our command -:param int recognized: zero if cell is decrypted, otherwise mostly non-zero (can rarely be zero) +:param int recognized: zero if cell is decrypted, otherwise mostly non-zero + (can rarely be zero) :param int stream_id: specific stream this concerns :param HASH,str,int digest: running digest held with the relay :param int data_len: length of body data ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Further simplify digest calculation for encryption
commit 2a76a0acfcf6aa9def2d6585ec8e53eae19b4c3c Author: Dave Rolek Date: Thu Aug 9 21:12:27 2018 + Further simplify digest calculation for encryption This is a continuation of proof-of-concept changes. Again, this is not the final form that encryption will take on. --- stem/client/__init__.py | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 71f6d390..83c20365 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -32,6 +32,7 @@ import threading import stem import stem.client.cell import stem.socket +from stem.util import str_tools import stem.util.connection from stem.client.datatype import ZERO, LinkProtocol, Address, KDF @@ -239,12 +240,15 @@ class Circuit(object): try: # Digests and such are computed using the RELAY cell payload. -cell = stem.client.cell.RelayCell(self.id, command, data, 0, stream_id) -payload_without_digest = cell.pack(self.relay.link_protocol)[-stem.client.cell.FIXED_PAYLOAD_LEN:] + +_, command_int = stem.client.datatype.RelayCommand.get(command) +# coerce to bytes, just in case +data = str_tools._to_bytes(data) + +payload_without_digest = stem.client.cell.RelayCell._pack_payload(command_int, 0, stream_id, 0, len(data), data) self.forward_digest.update(payload_without_digest) +payload_with_digest = stem.client.cell.RelayCell._pack_payload(command_int, 0, stream_id, self.forward_digest, len(data), data) -cell = stem.client.cell.RelayCell(self.id, command, data, self.forward_digest, stream_id) -payload_with_digest = cell.pack(self.relay.link_protocol)[-stem.client.cell.FIXED_PAYLOAD_LEN:] encrypted_payload = self.forward_key.update(payload_with_digest) encrypted_cell = stem.client.cell.RawRelayCell(self.id, encrypted_payload) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Add apply_digest instance method to RelayCell
commit 8023618ea74b4fb7b2cb1fca1694f6bff412b45a Author: Dave Rolek Date: Fri Aug 10 20:59:04 2018 + Add apply_digest instance method to RelayCell This method - currently unused - allows moving some of the digest-application logic into the Cell abstraction layer. It is a bit weird for it to have side-effects on a parameter (digest), but it's documented and works fairly logically. --- stem/client/cell.py | 29 + 1 file changed, 29 insertions(+) diff --git a/stem/client/cell.py b/stem/client/cell.py index 39a729f1..c1751ed6 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -456,6 +456,35 @@ class RelayCell(CircuitCell): return command, recognized, stream_id, digest, data_len, data, unused + def apply_digest(self, digest, prep_cell = True): +""" +Calculates, updates, and applies the digest to the cell payload. + +:param HASH digest: running digest held with the relay +:param bool prep_cell: preps the cell payload according to the spec, if **True** (default) + if **False**, the digest will be calculated as-is, namely: +the 'recognized' field will not be set to 0, +the digest field will not be set to 0, +and any 'unused' padding will be taken as-is. + Use with caution. + +:sideeffect digest: this object will be updated via digest.update(payload) +:sideeffect self.recognized: this will be set to 0, if prep_cell is **True** +:sideeffect self.digest: this will be updated with the calculated digest +:sideeffect self.unused: this will be treated as padding and overwritten, if prep_cell is **True** +""" + +if prep_cell: + self.recognized = 0 + self.digest = 0 + self.unused = b'' + +payload_without_updated_digest = self.pack_payload() +digest.update(payload_without_updated_digest) +self.digest = RelayCell._coerce_digest(digest) + +return + def pack_payload(self, **kwargs): """ Convenience method for running _pack_payload on self. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Refactor digest coercion into separate method
commit 853d7336580dae6f080b61a3991fe0a73e498b7f Author: Dave Rolek Date: Fri Aug 10 21:40:59 2018 + Refactor digest coercion into separate method This allows the logic to be reused. It may ultimately be better represented as a @property, but for now this should do fine. --- stem/client/cell.py | 39 +++ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index 5ad57788..a7b57326 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -380,6 +380,32 @@ class RelayCell(CircuitCell): CANNOT_DIRECTLY_UNPACK = True def __init__(self, circ_id, command, data, digest = 0, stream_id = 0, recognized = 0, unused = b''): +digest = RelayCell._coerce_digest(digest) + +super(RelayCell, self).__init__(circ_id, unused) +self.command, self.command_int = RelayCommand.get(command) +self.recognized = recognized +self.stream_id = stream_id +self.digest = digest +self.data = str_tools._to_bytes(data) + +if digest == 0: + if not stream_id and self.command in STREAM_ID_REQUIRED: +raise ValueError('%s relay cells require a stream id' % self.command) + elif stream_id and self.command in STREAM_ID_DISALLOWED: +raise ValueError('%s relay cells concern the circuit itself and cannot have a stream id' % self.command) + + @staticmethod + def _coerce_digest(digest): +""" +Coerce any of HASH, str, int into the proper digest type for packing + +:param HASH,str,int digest: digest to be coerced +:returns: digest in type appropriate for packing + +:raises: **ValueError** if input digest type is unsupported +""" + if 'HASH' in str(type(digest)): # Unfortunately hashlib generates from a dynamic private class so # isinstance() isn't such a great option. With python2/python3 the @@ -395,18 +421,7 @@ class RelayCell(CircuitCell): else: raise ValueError('RELAY cell digest must be a hash, string, or int but was a %s' % type(digest).__name__) -super(RelayCell, self).__init__(circ_id, unused) -self.command, self.command_int = RelayCommand.get(command) -self.recognized = recognized -self.stream_id = stream_id -self.digest = digest -self.data = str_tools._to_bytes(data) - -if digest == 0: - if not stream_id and self.command in STREAM_ID_REQUIRED: -raise ValueError('%s relay cells require a stream id' % self.command) - elif stream_id and self.command in STREAM_ID_DISALLOWED: -raise ValueError('%s relay cells concern the circuit itself and cannot have a stream id' % self.command) +return digest def pack(self, link_protocol): payload = bytearray() ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Add interpret_cell instance method to BaseRelayCell
commit 40ca0ca23f2f3fc3cab5ece39370ddb565029501 Author: Dave Rolek Date: Sun Aug 19 04:32:52 2018 + Add interpret_cell instance method to BaseRelayCell This method facilitates separating decryption / recognition of a cell from the interpretation of a cell. Many places in the spec indicate that cells should be dropped (ignored) under certain conditions, but that such cells should still be accounted for within the running decryption / digest. Furthermore, it may be useful in some cases to convert between raw cells and interpreted cells, without including the other steps of encryption / decryption. This additionally allows removing one of the interim TODOs in the RELAY cell unit tests. Arguably the tests need some rework with all these changes, but that can come a bit later. Not yet used, beyond the aforementioned unit tests. This method will probably evolve a decent amount, since the unit is still in a state of high flux. --- stem/client/cell.py | 35 +++ test/unit/client/cell.py | 4 ++-- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index 250d400a..a96b2f7b 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -408,6 +408,41 @@ class BaseRelayCell(CircuitCell): return digest_matches, digest_to_return + def interpret_cell(self): +""" +Interprets the cell payload, returning a new +:class:`~stem.client.cell.RelayCell` class or subclass according to its +contents. + +This method should only be used on fully decrypted cells, but that +responsibility is relegated to the caller. + +Furthermore, this interpretation may cause an exception for a NYI relay +command, a malformed cell, or some other reason. + +:returns: :class:`~stem.client.cell.RelayCell` class or subclass +""" + +# TODO: this mapping is quite hardcoded right now, but probably needs to be +# completely reworked once the Cell class hierarchy is better fleshed out. +# +# (It doesn't really make sense to have anything beyond this hack in the +# interim.) +# +# At that time, it would probably be modeled after Cell.by_value(), albeit +# specialized for the multiple types of RELAY / RELAY_EARLY cells. + +relay_cells_by_value = { + RawRelayCell.VALUE: RelayCell, + RelayEarlyCell.VALUE: RelayEarlyCell, +} +new_cls = relay_cells_by_value[self.VALUE] + +dummy_link_protocol = None +new_cell = new_cls._unpack(self.payload, self.circ_id, dummy_link_protocol) + +return new_cell + def __hash__(self): return stem.util._hash_attr(self, 'circ_id', 'payload', cache = True) diff --git a/test/unit/client/cell.py b/test/unit/client/cell.py index 3e091ee5..b4c0bd94 100644 --- a/test/unit/client/cell.py +++ b/test/unit/client/cell.py @@ -235,12 +235,12 @@ class TestCell(unittest.TestCase): self.assertEqual(cell_bytes, RelayCell(circ_id, command, data, digest, stream_id, unused = unused).pack(link_protocol)) self.assertEqual(cell_bytes, RelayCell(circ_id, command_int, data, digest, stream_id, unused = unused).pack(link_protocol)) - # TODO - temporarily, we hack the interim tests by unpacking info via RawRelayCell + # first unpack via RawRelayCell, then interpret into RelayCell raw_cell = Cell.pop(cell_bytes, link_protocol)[0] self.assertEqual(circ_id, raw_cell.circ_id) self.assertEqual(cell_bytes[-FIXED_PAYLOAD_LEN:], raw_cell.payload) - cell = RelayCell._unpack(raw_cell.payload, raw_cell.circ_id, link_protocol) + cell = raw_cell.interpret_cell() self.assertEqual(circ_id, cell.circ_id) self.assertEqual(command, cell.command) self.assertEqual(command_int, cell.command_int) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Refactor RELAY cell encryption into new encrypt instance method
commit 116eb4b3efd01a91093a81d9411582cd43c98584 Author: Dave Rolek Date: Fri Aug 17 19:30:56 2018 + Refactor RELAY cell encryption into new encrypt instance method This further tunes the abstraction layers such that consumers don't need to care at all what part of the Cell is encrypted. They are still responsible for managing the digest/encryption key states, but don't need to know the finer details of the encryption. --- stem/client/__init__.py | 6 +- stem/client/cell.py | 35 +++ 2 files changed, 36 insertions(+), 5 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index b64956ff..a228bebc 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -239,11 +239,7 @@ class Circuit(object): try: cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) -cell_with_digest, self.forward_digest = cell.apply_digest(self.forward_digest) -payload_with_digest = cell_with_digest.pack_payload() - -encrypted_payload = self.forward_key.update(payload_with_digest) -encrypted_cell = stem.client.cell.RawRelayCell(self.id, encrypted_payload) +encrypted_cell, self.forward_digest, self.forward_key = cell.encrypt(self.forward_digest, self.forward_key) reply_cells = [] self.relay._orport.send(encrypted_cell.pack(self.relay.link_protocol)) diff --git a/stem/client/cell.py b/stem/client/cell.py index d1265c10..43dc076c 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -39,6 +39,7 @@ Messages communicated over a Tor relay's ORPort. +- pop - decodes cell with remainder """ +import copy import datetime import inspect import os @@ -499,6 +500,40 @@ class RelayCell(CircuitCell): return new_cell, new_digest + def encrypt(self, digest, encryptor, **kwargs): +""" +Preps a cell payload, including calculating digest, and encrypts it, +returning a new (RawRelayCell, digest, encryptor) tuple. + +The method name is technically a misnomer, as it also preps cell payload +and applies the digest, prior to encrypting. However, these operations +are defined per the spec as required for RELAY cells, and ... + (1) it is a natural mental extension to include them here; + (2) it would be a bit pointless to require method consumers to manually + call both, for pedantry. + +:param HASH digest: running digest held with the relay +:param cryptography.hazmat.primitives.ciphers.CipherContext encryptor: + running stream cipher encryptor held with the relay + +:param bool prep_cell: (optional, defaults to **True**) refer to + :func:`~stem.client.cell.RelayCell.apply_digest` + +:returns: (:class:`~stem.client.cell.RawRelayCell`, HASH, CipherContext) + tuple of object copies updated as follows: +* RawRelayCell: updated as specified in + :func:`~stem.client.cell.RelayCell.apply_digest`, then encrypted +* digest: updated via digest.update(payload) +* encryptor: updated via encryptor.update(payload_with_digest) +""" + +unencrypted_cell, new_digest = self.apply_digest(digest, **kwargs) +new_encryptor = copy.copy(encryptor) +encrypted_payload = new_encryptor.update(unencrypted_cell.pack_payload()) +encrypted_cell = RawRelayCell(unencrypted_cell.circ_id, encrypted_payload) + +return encrypted_cell, new_digest, new_encryptor + def pack_payload(self, **kwargs): """ Convenience method for running ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Fix docstring 'import path' for RelayCommand
commit 36f341f7c882d846b1305beb1a29906a2b97d590 Author: Dave Rolek Date: Sat Aug 11 19:18:09 2018 + Fix docstring 'import path' for RelayCommand --- stem/client/__init__.py | 2 +- stem/client/cell.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 83c20365..b0500c4a 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -227,7 +227,7 @@ class Circuit(object): """ Sends a message over the circuit. -:param stem.client.RelayCommand command: command to be issued +:param stem.client.datatype.RelayCommand command: command to be issued :param bytes data: message payload :param int stream_id: specific stream this concerns diff --git a/stem/client/cell.py b/stem/client/cell.py index 42b95571..381a7387 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -366,7 +366,7 @@ class RelayCell(CircuitCell): """ Command concerning a relay circuit. - :var stem.client.RelayCommand command: command to be issued + :var stem.client.datatype.RelayCommand command: command to be issued :var int command_int: integer value of our command :var bytes data: payload of the cell :var int recognized: zero if cell is decrypted, otherwise mostly non-zero (can rarely be zero) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Further simplify digest application
commit 22e18791388009cb2fafebdb47605b047a288250 Author: Dave Rolek Date: Fri Aug 10 21:22:35 2018 + Further simplify digest application The abstraction layers are starting to look better separated. --- stem/client/__init__.py | 13 +++-- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index b0500c4a..74b6d2bf 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -32,7 +32,6 @@ import threading import stem import stem.client.cell import stem.socket -from stem.util import str_tools import stem.util.connection from stem.client.datatype import ZERO, LinkProtocol, Address, KDF @@ -239,15 +238,9 @@ class Circuit(object): orig_key = copy.copy(self.forward_key) try: -# Digests and such are computed using the RELAY cell payload. - -_, command_int = stem.client.datatype.RelayCommand.get(command) -# coerce to bytes, just in case -data = str_tools._to_bytes(data) - -payload_without_digest = stem.client.cell.RelayCell._pack_payload(command_int, 0, stream_id, 0, len(data), data) -self.forward_digest.update(payload_without_digest) -payload_with_digest = stem.client.cell.RelayCell._pack_payload(command_int, 0, stream_id, self.forward_digest, len(data), data) +cell = stem.client.cell.RelayCell(self.id, command, data, stream_id = stream_id) +cell.apply_digest(self.forward_digest) +payload_with_digest = cell.pack_payload() encrypted_payload = self.forward_key.update(payload_with_digest) encrypted_cell = stem.client.cell.RawRelayCell(self.id, encrypted_payload) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Refactor 'unused' and padding packing into the RELAY cell payload
commit 09c171d60c2b1414aae791d2347b6385caca03de Author: Dave Rolek Date: Thu Aug 9 20:28:15 2018 + Refactor 'unused' and padding packing into the RELAY cell payload This is more appropriate since the spec allows for (and recommends!) different behavior for these bytes than other padding bytes. However, presently the handling is identical. It is also important that the _pack_payload() method be able to produce a full-size payload, for simplifying encryption. --- stem/client/cell.py | 18 +++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index 7c09d0e0..42b95571 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -424,9 +424,9 @@ class RelayCell(CircuitCell): return digest def pack(self, link_protocol): -payload = RelayCell._pack_payload(self.command_int, self.recognized, self.stream_id, self.digest, len(self.data), self.data) +payload = RelayCell._pack_payload(self.command_int, self.recognized, self.stream_id, self.digest, len(self.data), self.data, self.unused) -return RelayCell._pack(link_protocol, payload, self.unused, self.circ_id) +return RelayCell._pack(link_protocol, payload, unused = b'', circ_id = self.circ_id) @classmethod def _unpack(cls, content, circ_id, link_protocol): @@ -457,7 +457,7 @@ class RelayCell(CircuitCell): return command, recognized, stream_id, digest, data_len, data, unused @staticmethod - def _pack_payload(command_int, recognized, stream_id, digest, data_len, data): + def _pack_payload(command_int, recognized, stream_id, digest, data_len, data, unused = b'', pad_remainder = True): """ Directly pack the payload without any validation beyond Size constraints. @@ -467,6 +467,8 @@ class RelayCell(CircuitCell): :param HASH,str,int digest: running digest held with the relay :param int data_len: length of body data :param bytes data: body data of the cell +:param bytes unused: padding bytes to include after data +:param bool pad_remaining: pads up to payload size if **True** :returns: **bytes** with the packed payload """ @@ -478,6 +480,16 @@ class RelayCell(CircuitCell): payload += Size.LONG.pack(RelayCell._coerce_digest(digest)) payload += Size.SHORT.pack(data_len) payload += data +payload += unused + +if len(payload) > FIXED_PAYLOAD_LEN: + raise ValueError('Payload is too large (%i bytes), must not be more than %i.' % (len(payload), FIXED_PAYLOAD_LEN)) + +if pad_remainder: + # right now, it is acceptable to pad the remaining portion with ZEROs instead of random + # this is done due to threat model and simplifying some implementation + # however: in the future (TODO), this may become against the spec; see prop 289 + payload += ZERO * (FIXED_PAYLOAD_LEN - len(payload)) return bytes(payload) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Refactor payload parsing (unpacking) into separate method
commit 0d18570de51486ffa63ad0fe2f8b71be44b34f55 Author: Dave Rolek Date: Wed Aug 8 17:31:29 2018 + Refactor payload parsing (unpacking) into separate method Eventually, having this separated out will help during decryption of cells in multi-hop circuits - each layer of decryption must attempt to interpret the payload in order to ascertain whether it has been fully decrypted. --- stem/client/cell.py | 22 ++ 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index a7b57326..9194c29c 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -436,6 +436,23 @@ class RelayCell(CircuitCell): @classmethod def _unpack(cls, content, circ_id, link_protocol): +command, recognized, stream_id, digest, data_len, data, unused = RelayCell._unpack_payload(content) + +if len(data) != data_len: + raise ValueError('%s cell said it had %i bytes of data, but only had %i' % (cls.NAME, data_len, len(data))) + +return RelayCell(circ_id, command, data, digest, stream_id, recognized, unused) + + @staticmethod + def _unpack_payload(content): +""" +Directly interpret the payload without any validation. + +:param bytes content: cell payload + +:returns: (command, recognized, stream_id, digest, data_len, data, unused) tuple +""" + command, content = Size.CHAR.pop(content) recognized, content = Size.SHORT.pop(content) # 'recognized' field stream_id, content = Size.SHORT.pop(content) @@ -443,10 +460,7 @@ class RelayCell(CircuitCell): data_len, content = Size.SHORT.pop(content) data, unused = split(content, data_len) -if len(data) != data_len: - raise ValueError('%s cell said it had %i bytes of data, but only had %i' % (cls.NAME, data_len, len(data))) - -return RelayCell(circ_id, command, data, digest, stream_id, recognized, unused) +return command, recognized, stream_id, digest, data_len, data, unused def __hash__(self): return stem.util._hash_attr(self, 'command_int', 'stream_id', 'digest', 'data', cache = True) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Refactor payload packing into separate method
commit 71c8464c24e4b2af350cfdd9217c0712c538447a Author: Dave Rolek Date: Wed Aug 8 19:04:52 2018 + Refactor payload packing into separate method It's important to decouple packing the payload from packing the whole cell. This is probably not the final form this method will take, but in the interim, it should help reduce the magnitude of violating the Cell abstraction layer, for any payload encryption/decryption. --- stem/client/cell.py | 35 +++ 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index 9194c29c..7c09d0e0 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -424,15 +424,9 @@ class RelayCell(CircuitCell): return digest def pack(self, link_protocol): -payload = bytearray() -payload += Size.CHAR.pack(self.command_int) -payload += Size.SHORT.pack(self.recognized) -payload += Size.SHORT.pack(self.stream_id) -payload += Size.LONG.pack(self.digest) -payload += Size.SHORT.pack(len(self.data)) -payload += self.data +payload = RelayCell._pack_payload(self.command_int, self.recognized, self.stream_id, self.digest, len(self.data), self.data) -return RelayCell._pack(link_protocol, bytes(payload), self.unused, self.circ_id) +return RelayCell._pack(link_protocol, payload, self.unused, self.circ_id) @classmethod def _unpack(cls, content, circ_id, link_protocol): @@ -462,6 +456,31 @@ class RelayCell(CircuitCell): return command, recognized, stream_id, digest, data_len, data, unused + @staticmethod + def _pack_payload(command_int, recognized, stream_id, digest, data_len, data): +""" +Directly pack the payload without any validation beyond Size constraints. + +:param int command_int: integer value of our command +:param int recognized: zero if cell is decrypted, otherwise mostly non-zero (can rarely be zero) +:param int stream_id: specific stream this concerns +:param HASH,str,int digest: running digest held with the relay +:param int data_len: length of body data +:param bytes data: body data of the cell + +:returns: **bytes** with the packed payload +""" + +payload = bytearray() +payload += Size.CHAR.pack(command_int) +payload += Size.SHORT.pack(recognized) +payload += Size.SHORT.pack(stream_id) +payload += Size.LONG.pack(RelayCell._coerce_digest(digest)) +payload += Size.SHORT.pack(data_len) +payload += data + +return bytes(payload) + def __hash__(self): return stem.util._hash_attr(self, 'command_int', 'stream_id', 'digest', 'data', cache = True) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Simplify encryption/decryption implementation in Circuit
commit d355d01a7a4709ffc6941722248c9861e2acd306 Author: Dave Rolek Date: Wed Aug 8 03:06:38 2018 + Simplify encryption/decryption implementation in Circuit This is a proof-of-concept change to show the benefits of migrating finer details into the Cell abstraction. It still arguably violates the Cell abstraction by using RelayCell._unpack(), but that can be addressed in a later change. --- stem/client/__init__.py | 40 ++-- 1 file changed, 14 insertions(+), 26 deletions(-) diff --git a/stem/client/__init__.py b/stem/client/__init__.py index 24b6de38..71f6d390 100644 --- a/stem/client/__init__.py +++ b/stem/client/__init__.py @@ -34,7 +34,7 @@ import stem.client.cell import stem.socket import stem.util.connection -from stem.client.datatype import ZERO, LinkProtocol, Address, Size, KDF, split +from stem.client.datatype import ZERO, LinkProtocol, Address, KDF __all__ = [ 'cell', @@ -237,45 +237,33 @@ class Circuit(object): orig_digest = self.forward_digest.copy() orig_key = copy.copy(self.forward_key) - # Digests and such are computed using the RELAY cell payload. This - # doesn't include the initial circuit id and cell type fields. - # Circuit ids vary in length depending on the protocol version. - - header_size = self.relay.link_protocol.circ_id_size.size + 1 - try: +# Digests and such are computed using the RELAY cell payload. cell = stem.client.cell.RelayCell(self.id, command, data, 0, stream_id) -payload_without_digest = cell.pack(self.relay.link_protocol)[header_size:] +payload_without_digest = cell.pack(self.relay.link_protocol)[-stem.client.cell.FIXED_PAYLOAD_LEN:] self.forward_digest.update(payload_without_digest) cell = stem.client.cell.RelayCell(self.id, command, data, self.forward_digest, stream_id) -header, payload = split(cell.pack(self.relay.link_protocol), header_size) -encrypted_payload = header + self.forward_key.update(payload) +payload_with_digest = cell.pack(self.relay.link_protocol)[-stem.client.cell.FIXED_PAYLOAD_LEN:] +encrypted_payload = self.forward_key.update(payload_with_digest) +encrypted_cell = stem.client.cell.RawRelayCell(self.id, encrypted_payload) reply_cells = [] -self.relay._orport.send(encrypted_payload) +self.relay._orport.send(encrypted_cell.pack(self.relay.link_protocol)) reply = self.relay._orport.recv() -# Check that we got the correct number of bytes for a series of RELAY cells - -relay_cell_size = header_size + stem.client.cell.FIXED_PAYLOAD_LEN relay_cell_cmd = stem.client.cell.RelayCell.VALUE -if len(reply) % relay_cell_size != 0: - raise stem.ProtocolError('Circuit response should be a series of RELAY cells, but received an unexpected size for a response: %i' % len(reply)) - while reply: - circ_id, reply = self.relay.link_protocol.circ_id_size.pop(reply) - command, reply = Size.CHAR.pop(reply) - payload, reply = split(reply, stem.client.cell.FIXED_PAYLOAD_LEN) + raw_cell, reply = stem.client.cell.Cell.pop(reply, self.relay.link_protocol) - if command != relay_cell_cmd: -raise stem.ProtocolError('RELAY cell responses should be %i but was %i' % (relay_cell_cmd, command)) - elif circ_id != self.id: -raise stem.ProtocolError('Response should be for circuit id %i, not %i' % (self.id, circ_id)) + if raw_cell.VALUE != relay_cell_cmd: +raise stem.ProtocolError('RELAY cell responses should be %i but was %i' % (relay_cell_cmd, raw_cell.VALUE)) + elif raw_cell.circ_id != self.id: +raise stem.ProtocolError('Response should be for circuit id %i, not %i' % (self.id, raw_cell.circ_id)) - decrypted = self.backward_key.update(payload) - reply_cells.append(stem.client.cell.RelayCell._unpack(decrypted, self.id, self.relay.link_protocol)) + decrypted_payload = self.backward_key.update(raw_cell.payload) + reply_cells.append(stem.client.cell.RelayCell._unpack(decrypted_payload, self.id, self.relay.link_protocol)) return reply_cells except: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Document RawRelayCell in the module overview
commit 98398f6dbce3bca2f146d40abf3894ea2755e054 Author: Dave Rolek Date: Thu Aug 9 19:18:13 2018 + Document RawRelayCell in the module overview The line is long, so this change also extends the vertically aligned table format for other Cell classes, in a forward-looking manner. Arguably this could've been part of the previous change, but it made sense to break it out for readability purposes. --- stem/client/cell.py | 39 --- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index 4f7aec79..f18318da 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -12,26 +12,27 @@ Messages communicated over a Tor relay's ORPort. Cell - Base class for ORPort messages. |- CircuitCell - Circuit management. -| |- CreateCell - Create a circuit. (section 5.1) -| |- CreatedCell - Acknowledge create. (section 5.1) -| |- BaseRelayCell - End-to-end data; abstract. (section 6.1) -| |- RelayCell - End-to-end data.(section 6.1) -| |- DestroyCell - Stop using a circuit. (section 5.4) -| |- CreateFastCell - Create a circuit, no PK. (section 5.1) -| |- CreatedFastCell - Circuit created, no PK. (section 5.1) -| |- RelayEarlyCell - End-to-end data; limited. (section 5.6) -| |- Create2Cell - Extended CREATE cell. (section 5.1) -| +- Created2Cell - Extended CREATED cell. (section 5.1) +| |- CreateCell - Create a circuit. (section 5.1) +| |- CreatedCell - Acknowledge create. (section 5.1) +| |- BaseRelayCell - End-to-end data; abstract. (section 6.1) +| | +- RawRelayCell - End-to-end data. Payload not unpacked. (section 5.5.2.1, 5.5.3) +| |- RelayCell - End-to-end data. (section 6.1) +| |- DestroyCell - Stop using a circuit. (section 5.4) +| |- CreateFastCell - Create a circuit, no PK. (section 5.1) +| |- CreatedFastCell - Circuit created, no PK. (section 5.1) +| |- RelayEarlyCell - End-to-end data; limited. (section 5.6) +| |- Create2Cell - Extended CREATE cell. (section 5.1) +| +- Created2Cell - Extended CREATED cell. (section 5.1) | -|- PaddingCell - Padding negotiation. (section 7.2) -|- VersionsCell - Negotiate proto version.(section 4) -|- NetinfoCell - Time and address info. (section 4.5) -|- PaddingNegotiateCell - Padding negotiation.(section 7.2) -|- VPaddingCell - Variable-length padding.(section 7.2) -|- CertsCell - Relay certificates.(section 4.2) -|- AuthChallengeCell - Challenge value. (section 4.3) -|- AuthenticateCell - Client authentication. (section 4.5) -|- AuthorizeCell - Client authorization. (not yet used) +|- PaddingCell - Padding negotiation. (section 7.2) +|- VersionsCell - Negotiate proto version. (section 4) +|- NetinfoCell - Time and address info. (section 4.5) +|- PaddingNegotiateCell - Padding negotiation. (section 7.2) +|- VPaddingCell - Variable-length padding. (section 7.2) +|- CertsCell - Relay certificates. (section 4.2) +|- AuthChallengeCell - Challenge value. (section 4.3) +|- AuthenticateCell - Client authentication. (section 4.5) +|- AuthorizeCell - Client authorization. (not yet used) | |- pack - encodes cell into bytes |- unpack - decodes series of cells ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Add RawRelayCell and temp-fix RelayCell tests (interim)
commit 5d86cbde132d7912c411d9134eee6cc05b745d94 Author: Dave Rolek Date: Wed Aug 8 01:14:27 2018 + Add RawRelayCell and temp-fix RelayCell tests (interim) Notably, this along with CANNOT_DIRECTLY_UNPACK for RelayCell (prior change) allows Cell.pop() and Cell.unpack() to be executed directly on received bytes from a connection, and still process encrypted cells correctly into RELAY cells, to be decrypted later. RelayCell tests marked with TODO where temp-fix was applied. RelayCell implementation will gradually be improved/refactored into better supporting subclasses per command. --- stem/client/cell.py | 5 + test/unit/client/cell.py | 34 -- 2 files changed, 29 insertions(+), 10 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index dcebc544..4f7aec79 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -356,6 +356,11 @@ class BaseRelayCell(CircuitCell): return stem.util._hash_attr(self, 'circ_id', 'payload', cache = True) +class RawRelayCell(BaseRelayCell): + NAME = 'RELAY' + VALUE = 3 + + class RelayCell(CircuitCell): """ Command concerning a relay circuit. diff --git a/test/unit/client/cell.py b/test/unit/client/cell.py index b8fe58df..3e091ee5 100644 --- a/test/unit/client/cell.py +++ b/test/unit/client/cell.py @@ -15,6 +15,7 @@ from stem.client.cell import ( Cell, PaddingCell, BaseRelayCell, + RawRelayCell, RelayCell, DestroyCell, CreateFastCell, @@ -93,20 +94,24 @@ AUTH_CHALLENGE_CELLS = { class TestCell(unittest.TestCase): def test_by_name(self): -cls = Cell.by_name('NETINFO') -self.assertEqual('NETINFO', cls.NAME) -self.assertEqual(8, cls.VALUE) -self.assertEqual(True, cls.IS_FIXED_SIZE) +for (expected_class, name, value, is_fixed_size) in ((NetinfoCell, 'NETINFO', 8, True), (RawRelayCell, 'RELAY', 3, True)): + cls = Cell.by_name(name) + self.assertEqual(expected_class, cls) + self.assertEqual(name, cls.NAME) + self.assertEqual(value, cls.VALUE) + self.assertEqual(is_fixed_size, cls.IS_FIXED_SIZE) self.assertRaises(ValueError, Cell.by_name, 'NOPE') self.assertRaises(ValueError, Cell.by_name, 85) self.assertRaises(ValueError, Cell.by_name, None) def test_by_value(self): -cls = Cell.by_value(8) -self.assertEqual('NETINFO', cls.NAME) -self.assertEqual(8, cls.VALUE) -self.assertEqual(True, cls.IS_FIXED_SIZE) +for (expected_class, name, value, is_fixed_size) in ((NetinfoCell, 'NETINFO', 8, True), (RawRelayCell, 'RELAY', 3, True)): + cls = Cell.by_value(value) + self.assertEqual(expected_class, cls) + self.assertEqual(name, cls.NAME) + self.assertEqual(value, cls.VALUE) + self.assertEqual(is_fixed_size, cls.IS_FIXED_SIZE) self.assertRaises(ValueError, Cell.by_value, 'NOPE') self.assertRaises(ValueError, Cell.by_value, 85) @@ -230,7 +235,12 @@ class TestCell(unittest.TestCase): self.assertEqual(cell_bytes, RelayCell(circ_id, command, data, digest, stream_id, unused = unused).pack(link_protocol)) self.assertEqual(cell_bytes, RelayCell(circ_id, command_int, data, digest, stream_id, unused = unused).pack(link_protocol)) - cell = Cell.pop(cell_bytes, link_protocol)[0] + # TODO - temporarily, we hack the interim tests by unpacking info via RawRelayCell + raw_cell = Cell.pop(cell_bytes, link_protocol)[0] + self.assertEqual(circ_id, raw_cell.circ_id) + self.assertEqual(cell_bytes[-FIXED_PAYLOAD_LEN:], raw_cell.payload) + + cell = RelayCell._unpack(raw_cell.payload, raw_cell.circ_id, link_protocol) self.assertEqual(circ_id, cell.circ_id) self.assertEqual(command, cell.command) self.assertEqual(command_int, cell.command_int) @@ -238,7 +248,9 @@ class TestCell(unittest.TestCase): self.assertEqual(digest, cell.digest) self.assertEqual(stream_id, cell.stream_id) self.assertEqual(unused, cell.unused) + self.assertEqual(cell_bytes, cell.pack(link_protocol)) + self.assertEqual(cell_bytes, raw_cell.pack(link_protocol)) digest = hashlib.sha1(b'hi') self.assertEqual(3257622417, RelayCell(5, 'RELAY_BEGIN_DIR', '', digest, 564346860).digest) @@ -258,7 +270,9 @@ class TestCell(unittest.TestCase): ZERO * 498, # data )) -self.assertRaisesWith(ValueError, 'RELAY cell said it had 65535 bytes of data, but only had 498', Cell.pop, mismatched_data_length_bytes, 2) +# TODO - temporarily, we hack the interim tests by unpacking info via RawRelayCell +raw_cell = Cell.pop(mismatched_data_length_bytes, 2)[0] +self.assertRaisesWith(ValueError, 'RELAY cell said it had 65535 bytes of data, but only had 498', RelayCell._unpack, raw_cell.payload, raw_cell.circ_id, 2) def test_destroy_cell(self): for cell_bytes, (circ_id, reason, reason_int, unused, link_protocol) in DESTROY_CELLS.items():
[tor-commits] [stem/master] Standardize some docstring keywords
commit a737624f08aa2a46ff6a91c5459c7644b1e26e3b Author: Dave Rolek Date: Wed Aug 8 19:13:15 2018 + Standardize some docstring keywords s/:parm /:param / s/:raise:/:raises:/ s/:return:/:returns:/ --- stem/client/cell.py | 14 +++--- stem/util/log.py| 2 +- stem/util/term.py | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index f18318da..5ad57788 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -104,9 +104,9 @@ class Cell(object): """ Provides cell attributes by its name. -:parm str name: cell command to fetch +:param str name: cell command to fetch -:raise: **ValueError** if cell type is invalid +:raises: **ValueError** if cell type is invalid """ for _, cls in inspect.getmembers(sys.modules[__name__]): @@ -120,9 +120,9 @@ class Cell(object): """ Provides cell attributes by its value. -:parm int value: cell value to fetch +:param int value: cell value to fetch -:raise: **ValueError** if cell type is invalid +:raises: **ValueError** if cell type is invalid """ for _, cls in inspect.getmembers(sys.modules[__name__]): @@ -202,9 +202,9 @@ class Cell(object): :param bytes payload: cell payload :param int circ_id: circuit id, if a CircuitCell -:return: **bytes** with the encoded payload +:returns: **bytes** with the encoded payload -:raise: **ValueError** if cell type invalid or payload makes cell too large +:raises: **ValueError** if cell type invalid or payload makes cell too large """ if issubclass(cls, CircuitCell): @@ -369,7 +369,7 @@ class RelayCell(CircuitCell): :var stem.client.RelayCommand command: command to be issued :var int command_int: integer value of our command :var bytes data: payload of the cell - :var int recognized: zero if cell is decrypted, non-zero otherwise + :var int recognized: zero if cell is decrypted, otherwise mostly non-zero (can rarely be zero) :var int digest: running digest held with the relay :var int stream_id: specific stream this concerns """ diff --git a/stem/util/log.py b/stem/util/log.py index 81fc88a6..0b2de90a 100644 --- a/stem/util/log.py +++ b/stem/util/log.py @@ -103,7 +103,7 @@ def get_logger(): """ Provides the stem logger. - :return: **logging.Logger** for stem + :returns: **logging.Logger** for stem """ return LOGGER diff --git a/stem/util/term.py b/stem/util/term.py index 3c6fe73a..b4acd61f 100644 --- a/stem/util/term.py +++ b/stem/util/term.py @@ -80,7 +80,7 @@ def encoding(*attrs): :data:`~stem.util.terminal.BgColor`, or :data:`~stem.util.terminal.Attr` to provide an ecoding for - :return: **str** of the ANSI escape sequence, **None** no attributes are + :returns: **str** of the ANSI escape sequence, **None** no attributes are recognized """ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Add abstract BaseRelayCell class
commit 240b125b01bc7ab2e517852d2e7f5947a799d345 Author: Dave Rolek Date: Fri Aug 3 14:56:31 2018 + Add abstract BaseRelayCell class It's intended to defined common Relay cell functionality, for encrypted and decrypted cells. By unpacking content no further than the payload, this abstraction should allow a lot of flexibility in handling Relay cells prior to decryption. Note that unpacking is not yet possible - subclasses must be defined with a VALUE. (Namely: RELAY and RELAY_EARLY) --- stem/client/cell.py | 36 test/unit/client/cell.py | 31 +++ 2 files changed, 67 insertions(+) diff --git a/stem/client/cell.py b/stem/client/cell.py index 12fa994c..a4fb1a67 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -14,6 +14,7 @@ Messages communicated over a Tor relay's ORPort. |- CircuitCell - Circuit management. | |- CreateCell - Create a circuit. (section 5.1) | |- CreatedCell - Acknowledge create. (section 5.1) +| |- BaseRelayCell - End-to-end data; abstract. (section 6.1) | |- RelayCell - End-to-end data.(section 6.1) | |- DestroyCell - Stop using a circuit. (section 5.4) | |- CreateFastCell - Create a circuit, no PK. (section 5.1) @@ -83,6 +84,7 @@ class Cell(object): The following cell types explicitly don't have *unused* content: * PaddingCell (we consider all content part of payload) * VersionsCell (all content is unpacked and treated as a version specification) +* BaseRelayCell (we don't parse cell beyond header/body) * VPaddingCell (we consider all content part of payload) :var bytes unused: unused filler that padded the cell to the expected size @@ -320,6 +322,40 @@ class CreatedCell(CircuitCell): super(CreatedCell, self).__init__() # TODO: implement +class BaseRelayCell(CircuitCell): + """ + Cell whose subclasses are relayed over circuits. + + :var bytes payload: raw payload, quite possibly encrypted + """ + + NAME = 'INTERNAL_BASE_RELAY' # defined for error/other strings + IS_FIXED_SIZE = True # all relay cells are fixed-size + + # other attributes are deferred to subclasses, since this class cannot be directly unpacked + + def __init__(self, circ_id, payload): +if not payload: + raise ValueError('Relay cells require a payload') +if len(payload) != FIXED_PAYLOAD_LEN: + raise ValueError('Payload should be %i bytes, but was %i' % (FIXED_PAYLOAD_LEN, len(payload))) + +super(BaseRelayCell, self).__init__(circ_id, unused = b'') +self.payload = payload + + def pack(self, link_protocol): +# unlike everywhere else, we actually want to use the subclass type, NOT *this* class +return type(self)._pack(link_protocol, self.payload, circ_id = self.circ_id) + + @classmethod + def _unpack(cls, content, circ_id, link_protocol): +# unlike everywhere else, we actually want to use the subclass type, NOT *this* class +return cls(circ_id, content) + + def __hash__(self): +return stem.util._hash_attr(self, 'circ_id', 'payload', cache = True) + + class RelayCell(CircuitCell): """ Command concerning a relay circuit. diff --git a/test/unit/client/cell.py b/test/unit/client/cell.py index ce492638..278e0b4c 100644 --- a/test/unit/client/cell.py +++ b/test/unit/client/cell.py @@ -5,6 +5,7 @@ Unit tests for the stem.client.cell. import datetime import hashlib import os +import struct import unittest from stem.client.datatype import ZERO, CertType, CloseReason, Address, Certificate @@ -14,6 +15,7 @@ from stem.client.cell import ( FIXED_PAYLOAD_LEN, Cell, PaddingCell, + BaseRelayCell, RelayCell, DestroyCell, CreateFastCell, @@ -188,6 +190,35 @@ class TestCell(unittest.TestCase): self.assertEqual(b'', cell.unused) # always empty self.assertEqual(cell_bytes, cell.pack(link_protocol)) + def test_base_relay_cell(self): +arbitrary_circ_id = 123 +even_more_arbitrary_link_protocol = 1234 + +cell = BaseRelayCell(arbitrary_circ_id, RANDOM_PAYLOAD) +self.assertEqual(RANDOM_PAYLOAD, cell.payload) +self.assertEqual(arbitrary_circ_id, cell.circ_id) +self.assertEqual(True, cell.IS_FIXED_SIZE) + +# Cell.unpack not reachable - won't be tested +# but we can at least directly test _unpack, although it's a pretty simple method +cell_2 = BaseRelayCell._unpack(RANDOM_PAYLOAD, arbitrary_circ_id, even_more_arbitrary_link_protocol) +self.assertEqual(cell, cell_2) + +# pack not possible, but easily callable +self.assertRaises(struct.error, cell.pack, even_more_arbitrary_link_protocol) + +# check other values and inequality +for (circ_id, payload) in ((arbitrary_circ_id, ZERO * FIXED_PAYLOAD_LEN), (arbitrary_circ_id + 1, RANDOM_PAYLOAD)): + unequal_cell = BaseRelayCell(circ_id, payload) +
[tor-commits] [stem/master] Optimize error check for non-negative inputs
commit 71bb7d5e42125f2d89c8dddc56fa16c71989c5cd Author: Dave Rolek Date: Tue Aug 7 18:32:31 2018 + Optimize error check for non-negative inputs stem.client presently makes typical use of non-negative inputs with unsigned types. --- stem/client/datatype.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stem/client/datatype.py b/stem/client/datatype.py index e19adfb1..1c7aec77 100644 --- a/stem/client/datatype.py +++ b/stem/client/datatype.py @@ -358,7 +358,7 @@ class Size(Field): def pack(self, content): if not stem.util._is_int(content): raise ValueError('Size.pack encodes an integer, but was a %s' % type(content).__name__) -if self.unsigned and content < 0: +if content < 0 and self.unsigned: raise ValueError('A %s field cannot pack negative values, but %i was tried' % (self.name, content)) packed = struct.pack(self.format, content) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Adjust test expectation for the different exception rising from Size
commit cb9ff0b16dcac642daa8664a84326d802bead157 Author: Dave Rolek Date: Tue Aug 7 18:56:24 2018 + Adjust test expectation for the different exception rising from Size --- test/unit/client/cell.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/unit/client/cell.py b/test/unit/client/cell.py index 278e0b4c..a6ddf3ea 100644 --- a/test/unit/client/cell.py +++ b/test/unit/client/cell.py @@ -5,7 +5,6 @@ Unit tests for the stem.client.cell. import datetime import hashlib import os -import struct import unittest from stem.client.datatype import ZERO, CertType, CloseReason, Address, Certificate @@ -205,7 +204,8 @@ class TestCell(unittest.TestCase): self.assertEqual(cell, cell_2) # pack not possible, but easily callable -self.assertRaises(struct.error, cell.pack, even_more_arbitrary_link_protocol) +# lots of things cause a ValueError, so this check isn't very specific, but the wording comes from Size and so isn't under the purview of this unit +self.assertRaises(ValueError, cell.pack, even_more_arbitrary_link_protocol) # check other values and inequality for (circ_id, payload) in ((arbitrary_circ_id, ZERO * FIXED_PAYLOAD_LEN), (arbitrary_circ_id + 1, RANDOM_PAYLOAD)): ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Add CANNOT_DIRECTLY_UNPACK facility; set True for existing RelayCell
commit 77310c9cb96c0367412afbc6535ea54fe25fc442 Author: Dave Rolek Date: Tue Aug 7 21:45:26 2018 + Add CANNOT_DIRECTLY_UNPACK facility; set True for existing RelayCell Since RELAY cells come across the wire encrypted, they cannot be directly unpacked - their payload must first be decrypted. Note that this breaks unpacking RelayCell in the interim. --- stem/client/cell.py | 5 +++-- test/unit/client/cell.py | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/stem/client/cell.py b/stem/client/cell.py index a4fb1a67..dcebc544 100644 --- a/stem/client/cell.py +++ b/stem/client/cell.py @@ -109,7 +109,7 @@ class Cell(object): """ for _, cls in inspect.getmembers(sys.modules[__name__]): - if name == getattr(cls, 'NAME', UNDEFINED): + if name == getattr(cls, 'NAME', UNDEFINED) and not getattr(cls, 'CANNOT_DIRECTLY_UNPACK', False): return cls raise ValueError("'%s' isn't a valid cell type" % name) @@ -125,7 +125,7 @@ class Cell(object): """ for _, cls in inspect.getmembers(sys.modules[__name__]): - if value == getattr(cls, 'VALUE', UNDEFINED): + if value == getattr(cls, 'VALUE', UNDEFINED) and not getattr(cls, 'CANNOT_DIRECTLY_UNPACK', False): return cls raise ValueError("'%s' isn't a valid cell value" % value) @@ -371,6 +371,7 @@ class RelayCell(CircuitCell): NAME = 'RELAY' VALUE = 3 IS_FIXED_SIZE = True + CANNOT_DIRECTLY_UNPACK = True def __init__(self, circ_id, command, data, digest = 0, stream_id = 0, recognized = 0, unused = b''): if 'HASH' in str(type(digest)): diff --git a/test/unit/client/cell.py b/test/unit/client/cell.py index a6ddf3ea..b8fe58df 100644 --- a/test/unit/client/cell.py +++ b/test/unit/client/cell.py @@ -220,6 +220,8 @@ class TestCell(unittest.TestCase): self.assertRaisesWith(ValueError, expected_message_format % payload_len, BaseRelayCell, arbitrary_circ_id, ZERO * payload_len) def test_relay_cell(self): +self.assertEquals(True, RelayCell.CANNOT_DIRECTLY_UNPACK) + for cell_bytes, (command, command_int, circ_id, stream_id, data, digest, unused, link_protocol) in RELAY_CELLS.items(): if not unused.strip(ZERO): self.assertEqual(cell_bytes, RelayCell(circ_id, command, data, digest, stream_id).pack(link_protocol)) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Provide a nicer error message for packing negative numbers with unsigned types
commit 2fa32642d4b734821746d2488334ef68c38ad634 Author: Dave Rolek Date: Mon Aug 6 21:45:26 2018 + Provide a nicer error message for packing negative numbers with unsigned types --- stem/client/datatype.py | 3 +++ test/unit/client/size.py | 9 + 2 files changed, 12 insertions(+) diff --git a/stem/client/datatype.py b/stem/client/datatype.py index 5ca4e820..e19adfb1 100644 --- a/stem/client/datatype.py +++ b/stem/client/datatype.py @@ -349,6 +349,7 @@ class Size(Field): self.name = name self.size = size self.format = pack_format +self.unsigned = pack_format.isupper() @staticmethod def pop(packed): @@ -357,6 +358,8 @@ class Size(Field): def pack(self, content): if not stem.util._is_int(content): raise ValueError('Size.pack encodes an integer, but was a %s' % type(content).__name__) +if self.unsigned and content < 0: + raise ValueError('A %s field cannot pack negative values, but %i was tried' % (self.name, content)) packed = struct.pack(self.format, content) diff --git a/test/unit/client/size.py b/test/unit/client/size.py index eebe3619..3d7d796f 100644 --- a/test/unit/client/size.py +++ b/test/unit/client/size.py @@ -7,17 +7,22 @@ import unittest from stem.client.datatype import Size +SIGNED_CHAR = Size('SIGNED_CHAR', 1, '!b') + class TestSize(unittest.TestCase): def test_attributes(self): self.assertEqual('CHAR', Size.CHAR.name) self.assertEqual('!B', Size.CHAR.format) +self.assertEqual(True, Size.CHAR.unsigned) self.assertEqual(1, Size.CHAR.size) self.assertEqual(2, Size.SHORT.size) self.assertEqual(4, Size.LONG.size) self.assertEqual(8, Size.LONG_LONG.size) +self.assertEqual(False, SIGNED_CHAR.unsigned) + def test_pack(self): self.assertEqual(b'\x12', Size.CHAR.pack(18)) self.assertEqual(b'\x00\x12', Size.SHORT.pack(18)) @@ -26,9 +31,13 @@ class TestSize(unittest.TestCase): self.assertRaisesWith(ValueError, 'Size.pack encodes an integer, but was a str', Size.CHAR.pack, 'hi') +self.assertRaisesWith(ValueError, 'A CHAR field cannot pack negative values, but -1 was tried', Size.CHAR.pack, -1) + bad_size = Size('BAD_SIZE', 1, '!H') self.assertRaisesRegexp(ValueError, re.escape("'\\x00\\x12' is the wrong size for a BAD_SIZE field"), bad_size.pack, 18) +self.assertEqual(b'\xFF', SIGNED_CHAR.pack(-1)) + def test_unpack(self): self.assertEqual(18, Size.CHAR.unpack(b'\x12')) self.assertEqual(18, Size.SHORT.unpack(b'\x00\x12')) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-60.1.0esr-8.0-1] fixup! Bug 21569: Add first-party domain to Permissions key
commit d55b7bb578cf644e780d27efa2355c2046bcf689 Author: Kathy Brade Date: Thu Aug 23 09:32:36 2018 -0400 fixup! Bug 21569: Add first-party domain to Permissions key --- browser/components/uitour/content-UITour.js | 3 ++- extensions/cookie/nsPermissionManager.cpp | 28 ++-- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/browser/components/uitour/content-UITour.js b/browser/components/uitour/content-UITour.js index be51b8383d6b..88d300c91419 100644 --- a/browser/components/uitour/content-UITour.js +++ b/browser/components/uitour/content-UITour.js @@ -48,7 +48,8 @@ var UITourListener = { if (!this.isSafeScheme(uri)) return false; -let permission = Services.perms.testPermission(uri, UITOUR_PERMISSION); +let permission = Services.perms.testPermissionFromPrincipal( + content.document.nodePrincipal, UITOUR_PERMISSION); if (permission == Services.perms.ALLOW_ACTION) return true; diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp index 29958695f851..62c7277c7d84 100644 --- a/extensions/cookie/nsPermissionManager.cpp +++ b/extensions/cookie/nsPermissionManager.cpp @@ -207,7 +207,8 @@ GetOriginFromPrincipal(nsIPrincipal* aPrincipal, nsACString& aOrigin) } nsresult -GetPrincipalFromOrigin(const nsACString& aOrigin, nsIPrincipal** aPrincipal) +GetPrincipalFromOrigin(const nsACString& aOrigin, bool aAddFirstParty, + nsIPrincipal** aPrincipal) { nsAutoCString originNoSuffix; mozilla::OriginAttributes attrs; @@ -223,6 +224,13 @@ GetPrincipalFromOrigin(const nsACString& aOrigin, nsIPrincipal** aPrincipal) nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix); NS_ENSURE_SUCCESS(rv, rv); + // aAddFirstParty is true when adding the default permissions from + // browser/app/permissions because those permissions refer to the + // first party domain. + if (aAddFirstParty) { +attrs.SetFirstPartyDomain(true, uri); + } + nsCOMPtr principal = mozilla::BasePrincipal::CreateCodebasePrincipal(uri, attrs); principal.forget(aPrincipal); return NS_OK; @@ -419,7 +427,7 @@ public: int64_t aModificationTime) final { nsCOMPtr principal; -nsresult rv = GetPrincipalFromOrigin(aOrigin, getter_AddRefs(principal)); +nsresult rv = GetPrincipalFromOrigin(aOrigin, false, getter_AddRefs(principal)); NS_ENSURE_SUCCESS(rv, rv); return mPm->AddInternal(principal, aType, aPermission, mID, @@ -2250,7 +2258,7 @@ nsPermissionManager::GetPermissionObject(nsIPrincipal* aPrincipal, } nsCOMPtr principal; - nsresult rv = GetPrincipalFromOrigin(entry->GetKey()->mOrigin, getter_AddRefs(principal)); + nsresult rv = GetPrincipalFromOrigin(entry->GetKey()->mOrigin, false, getter_AddRefs(principal)); NS_ENSURE_SUCCESS(rv, rv); PermissionEntry& perm = entry->GetPermissions()[idx]; @@ -2498,7 +2506,7 @@ NS_IMETHODIMP nsPermissionManager::GetEnumerator(nsISimpleEnumerator **aEnum) } nsCOMPtr principal; - nsresult rv = GetPrincipalFromOrigin(entry->GetKey()->mOrigin, + nsresult rv = GetPrincipalFromOrigin(entry->GetKey()->mOrigin, false, getter_AddRefs(principal)); if (NS_FAILED(rv)) { continue; @@ -2593,7 +2601,7 @@ nsPermissionManager::RemoveAllModifiedSince(int64_t aModificationTime) } nsCOMPtr principal; - nsresult rv = GetPrincipalFromOrigin(entry->GetKey()->mOrigin, + nsresult rv = GetPrincipalFromOrigin(entry->GetKey()->mOrigin, false, getter_AddRefs(principal)); if (NS_FAILED(rv)) { continue; @@ -2664,7 +2672,7 @@ nsPermissionManager::RemovePermissionsWithAttributes(mozilla::OriginAttributesPa PermissionHashKey* entry = iter.Get(); nsCOMPtr principal; -nsresult rv = GetPrincipalFromOrigin(entry->GetKey()->mOrigin, +nsresult rv = GetPrincipalFromOrigin(entry->GetKey()->mOrigin, false, getter_AddRefs(principal)); if (NS_FAILED(rv)) { continue; @@ -2851,7 +2859,7 @@ nsPermissionManager::Read() modificationTime = stmt->AsInt64(6); nsCOMPtr principal; -nsresult rv = GetPrincipalFromOrigin(origin, getter_AddRefs(principal)); +nsresult rv = GetPrincipalFromOrigin(origin, false, getter_AddRefs(principal)); if (NS_FAILED(rv)) { readError = true; continue; @@ -3010,7 +3018,7 @@ nsPermissionManager::_DoImport(nsIInputStream *inputStream, mozIStorageConnectio continue; nsCOMPtr principal; - error = GetPrincipalFromOrigin(lineArray[3], getter_AddRefs(principal)); + error = GetPrincipalFromOrigin(lineArray[3], true, getter_AddRefs(principal)); if (NS_FAILED(error)) { NS_WARNING("Couldn't import an origin permission - malformed origin"); continue; @@
[tor-commits] [tor-browser/tor-browser-60.1.0esr-8.0-1] Bug 26962 - implement new features onboarding (part 1).
commit 69b8d3553d21796db96c0913c5747f8724b9b662 Author: Kathy Brade Date: Fri Aug 24 14:47:31 2018 -0400 Bug 26962 - implement new features onboarding (part 1). Add an "Explore" button to the "Circuit Display" panel within new user onboarding which opens the DuckDuckGo .onion and then guides users through a short circuit display tutorial. Allow a few additional UITour actions while limiting as much as possible how it can be used. Tweak the UITour styles to match the Tor Browser branding. All user interface strings are retrieved from Torbutton's browserOnboarding.properties file. --- browser/app/permissions| 2 + browser/components/uitour/UITour.jsm | 51 +++- browser/components/uitour/content-UITour.js| 2 +- browser/extensions/onboarding/bootstrap.js | 16 ++ .../content/onboarding-tor-circuit-display.js | 283 + .../onboarding/content/onboarding-tour-agent.js| 3 - .../extensions/onboarding/content/onboarding.js| 6 +- browser/extensions/onboarding/jar.mn | 1 + browser/themes/shared/UITour.inc.css | 30 +-- 9 files changed, 366 insertions(+), 28 deletions(-) diff --git a/browser/app/permissions b/browser/app/permissions index b4b166c755ae..ac3464afd41c 100644 --- a/browser/app/permissions +++ b/browser/app/permissions @@ -7,6 +7,8 @@ # See nsPermissionManager.cpp for more... # UITour +# DuckDuckGo .onion (used for circuit display onboarding). +origin uitour 1 https://3g2upl4pq6kufc4m.onion origin uitour 1 about:home origin uitour 1 about:newtab origin uitour 1 about:tor diff --git a/browser/components/uitour/UITour.jsm b/browser/components/uitour/UITour.jsm index b282d5c2d885..ce3e20fda662 100644 --- a/browser/components/uitour/UITour.jsm +++ b/browser/components/uitour/UITour.jsm @@ -42,9 +42,23 @@ const PREF_LOG_LEVEL = "browser.uitour.loglevel"; const PREF_SEENPAGEIDS= "browser.uitour.seenPageIDs"; const TOR_BROWSER_PAGE_ACTIONS_ALLOWED = new Set([ + "showInfo", // restricted to TOR_BROWSER_TARGETS_ALLOWED + "showMenu", // restricted to TOR_BROWSER_MENUS_ALLOWED + "hideMenu", // restricted to TOR_BROWSER_MENUS_ALLOWED + "closeTab", "torBrowserOpenSecuritySettings", ]); +const TOR_BROWSER_TARGETS_ALLOWED = new Set([ + "torBrowser-circuitDisplay", + "torBrowser-circuitDisplay-diagram", + "torBrowser-circuitDisplay-newCircuitButton", +]); + +const TOR_BROWSER_MENUS_ALLOWED = new Set([ + "controlCenter", +]); + const BACKGROUND_PAGE_ACTIONS_ALLOWED = new Set([ "forceShowReaderIcon", "getConfiguration", @@ -103,6 +117,14 @@ var UITour = { highlightEffects: ["random", "wobble", "zoom", "color"], targets: new Map([ +["torBrowser-circuitDisplay", { + query: "#connection-icon", +}], +["torBrowser-circuitDisplay-diagram", + torBrowserCircuitDisplayTarget("circuit-display-nodes")], +["torBrowser-circuitDisplay-newCircuitButton", + torBrowserCircuitDisplayTarget("circuit-reload-button")], + ["accountStatus", { query: (aDocument) => { // If the user is logged in, use the avatar element. @@ -945,7 +967,7 @@ var UITour = { // This function is copied to UITourListener. isSafeScheme(aURI) { -let allowedSchemes = new Set(["about"]); +let allowedSchemes = new Set(["about", "https"]); if (!allowedSchemes.has(aURI.scheme)) { log.error("Unsafe scheme:", aURI.scheme); @@ -988,7 +1010,10 @@ var UITour = { return Promise.reject("Invalid target name specified"); } -let targetObject = this.targets.get(aTargetName); +let targetObject; +if (TOR_BROWSER_TARGETS_ALLOWED.has(aTargetName)) { + targetObject = this.targets.get(aTargetName); +} if (!targetObject) { log.warn("getTarget: The specified target name is not in the allowed set"); return Promise.reject("The specified target name is not in the allowed set"); @@ -1389,6 +1414,10 @@ var UITour = { }, showMenu(aWindow, aMenuName, aOpenCallback = null) { +if (!TOR_BROWSER_MENUS_ALLOWED.has(aMenuName)) { + return; +} + log.debug("showMenu:", aMenuName); function openMenuButton(aMenuBtn) { if (!aMenuBtn || !aMenuBtn.boxObject || aMenuBtn.open) { @@ -1485,6 +1514,10 @@ var UITour = { }, hideMenu(aWindow, aMenuName) { +if (!TOR_BROWSER_MENUS_ALLOWED.has(aMenuName)) { + return; +} + log.debug("hideMenu:", aMenuName); function closeMenuButton(aMenuBtn) { if (aMenuBtn && aMenuBtn.boxObject) @@ -1872,6 +1905,20 @@ function controlCenterTrackingToggleTarget(aUnblock) { }; } +function torBrowserCircuitDisplayTarget(aElemID) { + return { +infoPanelPosition: "rightcenter topleft", +query(aDocument) { + let popup = aDocument.defaultView.gIdentityHandler._identityPopup; + if (popup.state !=
[tor-commits] [tor-browser/tor-browser-60.1.0esr-8.0-1] Bug 26962 - implement new features onboarding (part 2).
commit d5f82c2a5747108cc60607b3b7608e9c34640848 Author: Kathy Brade Date: Fri Aug 24 14:52:52 2018 -0400 Bug 26962 - implement new features onboarding (part 2). Add a "New Circuit Display" promotional banner to the about:tbupdate page. --- .../base/content/abouttbupdate/aboutTBUpdate.css | 25 ++ .../base/content/abouttbupdate/aboutTBUpdate.js| 9 +++- .../base/content/abouttbupdate/aboutTBUpdate.xhtml | 5 + browser/base/content/tab-content.js| 10 + .../locales/en-US/chrome/browser/aboutTBUpdate.dtd | 4 5 files changed, 52 insertions(+), 1 deletion(-) diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.css b/browser/base/content/abouttbupdate/aboutTBUpdate.css index 2b73552729fc..7ec1950e1474 100644 --- a/browser/base/content/abouttbupdate/aboutTBUpdate.css +++ b/browser/base/content/abouttbupdate/aboutTBUpdate.css @@ -53,6 +53,31 @@ a { margin-bottom: 20px; } +#new-features { + margin-bottom: 15px; + padding: 10px; + text-align: center; + /* swap text and background colors in this section */ + color: var(--abouttor-bg-toron-color); + background-color: var(--abouttor-text-color); +} + +#new-features-description { + margin: 15px auto; + max-width: 500px; + font-size: 85%; +} + +#new-features button { + padding: 8px 20px; + border: none; + border-radius: 3px; + font-size: 90%; + color: var(--abouttor-text-color); + background-color: var(--abouttor-bg-toron-color); + cursor: pointer; +} + #changelog-container { margin: 0px 20px 20px 20px; } diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.js b/browser/base/content/abouttbupdate/aboutTBUpdate.js index 8243647c5708..fa8bd3241a28 100644 --- a/browser/base/content/abouttbupdate/aboutTBUpdate.js +++ b/browser/base/content/abouttbupdate/aboutTBUpdate.js @@ -1,4 +1,4 @@ -// Copyright (c) 2015, The Tor Project, Inc. +// Copyright (c) 2018, The Tor Project, Inc. // See LICENSE for licensing information. // // vim: set sw=2 sts=2 ts=8 et syntax=javascript: @@ -8,3 +8,10 @@ function init() let event = new CustomEvent("AboutTBUpdateLoad", { bubbles: true }); document.dispatchEvent(event); } + +function showNewFeaturesOnboarding() +{ + let event = new CustomEvent("AboutTBUpdateNewFeaturesOnboarding", + { bubbles: true }); + document.dispatchEvent(event); +} diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml b/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml index fe8ed69b537f..a046f2658a5a 100644 --- a/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml +++ b/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml @@ -28,6 +28,11 @@ + + + + + diff --git a/browser/base/content/tab-content.js b/browser/base/content/tab-content.js index e0cf6747aaa4..c0987dbc05c7 100644 --- a/browser/base/content/tab-content.js +++ b/browser/base/content/tab-content.js @@ -359,6 +359,8 @@ AboutReaderListener.init(); let AboutTBUpdateListener = { init: function(chromeGlobal) { chromeGlobal.addEventListener('AboutTBUpdateLoad', this, false, true); +chromeGlobal.addEventListener("AboutTBUpdateNewFeaturesOnboarding", + this, false, true); }, get isAboutTBUpdate() { @@ -373,6 +375,9 @@ let AboutTBUpdateListener = { case "AboutTBUpdateLoad": this.onPageLoad(); break; + case "AboutTBUpdateNewFeaturesOnboarding": +this.onNewFeaturesOnboarding(); +break; case "pagehide": this.onPageHide(aEvent); break; @@ -406,6 +411,11 @@ let AboutTBUpdateListener = { removeEventListener("pagehide", this, true); }, + onNewFeaturesOnboarding: function() { +// Tell the onboarding extension to open the circuit display onboarding. +sendAsyncMessage("Onboarding:OnContentMessage", + {action: "tor-open-circuit-display-page"}); + }, }; AboutTBUpdateListener.init(this); #endif diff --git a/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd b/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd index 37567bd7e38c..f7b3f2ed8fcd 100644 --- a/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd +++ b/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd @@ -4,3 +4,7 @@ + + + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser/tor-browser-60.1.0esr-8.0-1] Bug 27213 - Update about:tbupdate to new (about:tor) layout
commit 61d599ed4c5bb5ace0fc958faaf302dc968cc542 Author: Kathy Brade Date: Fri Aug 24 14:51:11 2018 -0400 Bug 27213 - Update about:tbupdate to new (about:tor) layout Adjust colors, fonts, and the page background to match the new about:tor. --- .../base/content/abouttbupdate/aboutTBUpdate.css | 27 -- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.css b/browser/base/content/abouttbupdate/aboutTBUpdate.css index c171c58624ec..2b73552729fc 100644 --- a/browser/base/content/abouttbupdate/aboutTBUpdate.css +++ b/browser/base/content/abouttbupdate/aboutTBUpdate.css @@ -1,7 +1,20 @@ +/* + * Copyright (c) 2018, The Tor Project, Inc. + * See LICENSE for licensing information. + * + * vim: set sw=2 sts=2 ts=8 et syntax=css: + */ + +:root { + --abouttor-text-color: white; + --abouttor-bg-toron-color: #420C5D; +} + body { - font-family: sans-serif; + font-family: Helvetica, Arial, sans-serif; font-size: 110%; - background-image: -moz-linear-gradient(top, #ff, #ff 10%, #d5ffd5 50%, #d5ffd5); + color: var(--abouttor-text-color); + background-color: var(--abouttor-bg-toron-color); background-attachment: fixed; background-size: 100% 100%; } @@ -13,11 +26,13 @@ body { right: 6px; height: 30px; width: 200px; + font-size: 15px; white-space: pre-wrap; text-align: right; - color: #4d4d4d; - font-family: "Liberation Sans", Arial, Helvetica, sans-serif; - font-size: 14px; +} + +a { + color: var(--abouttor-text-color); } #logo { @@ -35,7 +50,6 @@ body { #msg-updated { font-size: 120%; - font-weight: bold; margin-bottom: 20px; } @@ -44,7 +58,6 @@ body { } #changelog-heading { - font-weight: bold; margin-bottom: 4px; } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torbutton/master] Bug 26962: Circuit display onboarding (part 2).
commit c93f06417e0bdbd6d709ec5109938347d1d38123 Author: Kathy Brade Date: Thu Aug 23 16:44:06 2018 -0400 Bug 26962: Circuit display onboarding (part 2). Add strings for a "New Circuit Display" promotional banner which is shown on the about:tbupdate page. --- src/chrome/locale/en/aboutTBUpdate.dtd | 4 1 file changed, 4 insertions(+) diff --git a/src/chrome/locale/en/aboutTBUpdate.dtd b/src/chrome/locale/en/aboutTBUpdate.dtd index 37567bd7..f7b3f2ed 100644 --- a/src/chrome/locale/en/aboutTBUpdate.dtd +++ b/src/chrome/locale/en/aboutTBUpdate.dtd @@ -4,3 +4,7 @@ + + + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tba-android_stringsdtd] Update translations for tba-android_stringsdtd
commit 52cb6a59961bb1f73a1d1fd580b2b37b33c7d161 Author: Translation commit bot Date: Sun Aug 26 12:16:55 2018 + Update translations for tba-android_stringsdtd --- ast/android_strings.dtd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ast/android_strings.dtd b/ast/android_strings.dtd index 5ae33eb82..b1359ff8c 100644 --- a/ast/android_strings.dtd +++ b/ast/android_strings.dtd @@ -515,7 +515,7 @@ - + @@ -560,7 +560,7 @@ - + @@ -721,7 +721,7 @@ just addresses the organization to follow, e.g. "This site is run by " --> - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-openpgp-applet] Update translations for tails-openpgp-applet
commit 42fca819024babc5f59c6c7d82a92b1474aadcf9 Author: Translation commit bot Date: Sun Aug 26 12:16:29 2018 + Update translations for tails-openpgp-applet --- ar/openpgp-applet.pot | 29 +++-- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/ar/openpgp-applet.pot b/ar/openpgp-applet.pot index 848800151..ada40a975 100644 --- a/ar/openpgp-applet.pot +++ b/ar/openpgp-applet.pot @@ -4,6 +4,7 @@ # # Translators: # ButterflyOfFire, 2018 +# Emma Peel, 2018 # ouss , 2016 # Singapore Goldindor, 2016 msgid "" @@ -11,8 +12,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2018-07-03 13:30+\n" -"Last-Translator: Khaled Hosny \n" +"PO-Revision-Date: 2018-08-26 12:14+\n" +"Last-Translator: Emma Peel\n" "Language-Team: Arabic (http://www.transifex.com/otf/torproject/language/ar/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -95,12 +96,12 @@ msgstr "بص٠ات" #: bin/openpgp-applet:436 msgid "User ID:" msgid_plural "User IDs:" -msgstr[0] "" -msgstr[1] "" -msgstr[2] "" -msgstr[3] "" -msgstr[4] "" -msgstr[5] "" +msgstr[0] "Ù ÙعرÙÙ٠اÙ٠ستخد٠:" +msgstr[1] "Ù ÙعرÙÙ٠اÙ٠ستخد٠:" +msgstr[2] "ÙÙÙات اÙ٠ستخد٠ÙÙ:" +msgstr[3] "ÙÙÙات اÙ٠ستخد٠ÙÙ:" +msgstr[4] "ÙÙÙات اÙ٠ستخد٠ÙÙ:" +msgstr[5] "ÙÙÙات اÙ٠ستخد٠ÙÙ:" #: bin/openpgp-applet:465 msgid "None (Don't sign)" @@ -135,12 +136,12 @@ msgstr "Ù٠تث٠بÙذ٠اÙÙ ÙاتÙØØ" #: bin/openpgp-applet:592 msgid "The following selected key is not fully trusted:" msgid_plural "The following selected keys are not fully trusted:" -msgstr[0] "" -msgstr[1] "" -msgstr[2] "" -msgstr[3] "" -msgstr[4] "" -msgstr[5] "" +msgstr[0] "اÙÙ ÙاتÙØ Ø§ÙتاÙÙØ© غÙر Ù ÙØ«ÙÙØ© باÙÙا٠Ù:" +msgstr[1] "اÙÙ ÙاتÙØ Ø§ÙتاÙÙØ© غÙر Ù ÙØ«ÙÙØ© باÙÙا٠Ù:" +msgstr[2] "اÙÙ ÙاتÙØ Ø§ÙتاÙÙØ© غÙر Ù ÙØ«ÙÙØ© باÙÙا٠Ù:" +msgstr[3] "اÙÙ ÙاتÙØ Ø§ÙتاÙÙØ© غÙر Ù ÙØ«ÙÙØ© باÙÙا٠Ù:" +msgstr[4] "اÙÙ ÙاتÙØ Ø§ÙتاÙÙØ© غÙر Ù ÙØ«ÙÙØ© باÙÙا٠Ù:" +msgstr[5] "اÙÙ ÙاتÙØ Ø§ÙتاÙÙØ© غÙر Ù ÙØ«ÙÙØ© باÙÙا٠Ù:" #: bin/openpgp-applet:610 msgid "Do you trust this key enough to use it anyway?" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit 5507d99d0b00c19d0adef6311bc1fff0ffaa8854 Author: Translation commit bot Date: Sun Aug 26 12:15:56 2018 + Update translations for tails-misc --- ar.po | 4 ++-- ast.po | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ar.po b/ar.po index 1b8c3d4c3..c270ed762 100644 --- a/ar.po +++ b/ar.po @@ -29,7 +29,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-08-16 07:57+0200\n" -"PO-Revision-Date: 2018-08-26 09:57+\n" +"PO-Revision-Date: 2018-08-26 12:12+\n" "Last-Translator: Emma Peel\n" "Language-Team: Arabic (http://www.transifex.com/otf/torproject/language/ar/)\n" "MIME-Version: 1.0\n" @@ -175,7 +175,7 @@ msgstr "" msgid "" "Please check your list of additional software or read the system log to " "understand the problem." -msgstr "" +msgstr "Ùش٠اÙتÙصÙب. رجاء راجع ضبط اÙبر٠جÙات اÙإضاÙÙØ©Ø Ø£Ù Ø·Ø§Ùع سج٠اÙÙظا٠Ù٠عرÙØ© اÙÙ Ø´ÙÙØ© Ø£ÙضÙ." #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:151 msgid "Show Log" diff --git a/ast.po b/ast.po index e70780f4e..2d95b9a13 100644 --- a/ast.po +++ b/ast.po @@ -8,8 +8,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-08-16 07:57+0200\n" -"PO-Revision-Date: 2018-08-16 14:42+\n" -"Last-Translator: carolyn \n" +"PO-Revision-Date: 2018-08-26 12:02+\n" +"Last-Translator: Xuacu Saturio \n" "Language-Team: Asturian (http://www.transifex.com/otf/torproject/language/ast/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -364,7 +364,7 @@ msgstr "" #: config/chroot_local-includes/usr/local/bin/tails-screen-locker:135 msgid "Password" -msgstr "" +msgstr "Contraseña" #: config/chroot_local-includes/usr/local/bin/tails-screen-locker:141 msgid "Confirm" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/abouttor-homepage] Update translations for abouttor-homepage
commit e7e28a55e5d97ae25cbe9d4a4f245fdb984506cb Author: Translation commit bot Date: Sun Aug 26 10:45:03 2018 + Update translations for abouttor-homepage --- ko/aboutTor.dtd | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ko/aboutTor.dtd b/ko/aboutTor.dtd index 83ea0c93d..a3ae1827b 100644 --- a/ko/aboutTor.dtd +++ b/ko/aboutTor.dtd @@ -6,20 +6,20 @@ - - + + - + https://duckduckgo.com;> - + - + - + https://www.torproject.org/getinvolved/volunteer.html.en;> ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal] Update translations for support-portal
commit c278debc981e9295cc85d8b7eaa6384eaa81137e Author: Translation commit bot Date: Sun Aug 26 10:19:04 2018 + Update translations for support-portal --- contents+es.po | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contents+es.po b/contents+es.po index 5f7890721..23cbb7fd2 100644 --- a/contents+es.po +++ b/contents+es.po @@ -2017,6 +2017,9 @@ msgid "" "href=\"https://www.torproject.org/projects/torbrowser.html.en\;>Tor " "Browser in the following languages:" msgstr "" +"Actualmente ofrecemos el https://www.torproject.org/projects/torbrowser.html.en\;>navegador " +"Tor en los siguientes idiomas:" #: http//localhost/tbb/tbb-39/ #: (content/tbb/tbb-39/contents+en.lrquestion.seo_slug) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal_completed] Update translations for support-portal_completed
commit 0168242eb1e0b130df277819d83a5021aca0b6af Author: Translation commit bot Date: Sun Aug 26 10:19:10 2018 + Update translations for support-portal_completed --- contents+es.po | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contents+es.po b/contents+es.po index 5f7890721..23cbb7fd2 100644 --- a/contents+es.po +++ b/contents+es.po @@ -2017,6 +2017,9 @@ msgid "" "href=\"https://www.torproject.org/projects/torbrowser.html.en\;>Tor " "Browser in the following languages:" msgstr "" +"Actualmente ofrecemos el https://www.torproject.org/projects/torbrowser.html.en\;>navegador " +"Tor en los siguientes idiomas:" #: http//localhost/tbb/tbb-39/ #: (content/tbb/tbb-39/contents+en.lrquestion.seo_slug) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/whisperback] Update translations for whisperback
commit 3eed1a24857f7634404ec7f5dbc3eae8190e1a86 Author: Translation commit bot Date: Sun Aug 26 10:18:55 2018 + Update translations for whisperback --- ar/ar.po | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ar/ar.po b/ar/ar.po index 4f842eb83..761d06f3e 100644 --- a/ar/ar.po +++ b/ar/ar.po @@ -4,6 +4,7 @@ # # Translators: # ButterflyOfFire, 2018 +# Emma Peel, 2018 # mohammad ali , 2017 # Mohammed ALDOUB , 2012 # Mohammed ALDOUB , 2012 @@ -13,8 +14,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-06-11 17:17+0200\n" -"PO-Revision-Date: 2018-08-07 08:48+\n" -"Last-Translator: carolyn \n" +"PO-Revision-Date: 2018-08-26 09:55+\n" +"Last-Translator: Emma Peel\n" "Language-Team: Arabic (http://www.transifex.com/otf/torproject/language/ar/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -192,7 +193,7 @@ msgstr "Ùص٠اÙخطأ" #: ../data/whisperback.ui.h:24 msgid "Help:" -msgstr "" +msgstr "٠ساعدة:" #: ../data/whisperback.ui.h:25 msgid "Read our bug reporting guidelines." ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup
commit a9117476b858b06881171e931764c510a8cf69da Author: Translation commit bot Date: Sun Aug 26 10:16:43 2018 + Update translations for tails-persistence-setup --- ar/ar.po | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ar/ar.po b/ar/ar.po index e6f041849..fb467140f 100644 --- a/ar/ar.po +++ b/ar/ar.po @@ -6,6 +6,7 @@ # kraim , 2013 # Ash , 2014 # ButterflyOfFire, 2018 +# Emma Peel, 2018 # Fortas Abdeldjalil , 2015 # 0xidz , 2014 # alshara3 , 2013 @@ -20,8 +21,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2018-08-16 11:14+0200\n" -"PO-Revision-Date: 2018-08-16 14:16+\n" -"Last-Translator: Rahma Sghaier \n" +"PO-Revision-Date: 2018-08-26 09:53+\n" +"Last-Translator: Emma Peel\n" "Language-Team: Arabic (http://www.transifex.com/otf/torproject/language/ar/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -120,7 +121,7 @@ msgstr "ابÙ٠عÙ٠اÙÙ ÙÙات Ù٠اÙدÙÙ٠اÙدائ٠" #: ../lib/Tails/Persistence/Configuration/Presets.pm:71 msgid "Browser Bookmarks" -msgstr "" +msgstr "اÙÙ ÙاÙع اÙ٠خزÙØ© باÙ٠تصÙØ" #: ../lib/Tails/Persistence/Configuration/Presets.pm:73 msgid "Bookmarks saved in the Tor Browser" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit e8fa8bc1178c1790e471946b38977553a7238e84 Author: Translation commit bot Date: Sun Aug 26 10:15:56 2018 + Update translations for tails-misc --- ar.po | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ar.po b/ar.po index bf905d247..1b8c3d4c3 100644 --- a/ar.po +++ b/ar.po @@ -11,6 +11,7 @@ # Ash , 2014 # ASSYASS Mahmoud , 2017 # ButterflyOfFire, 2018 +# Emma Peel, 2018 # 0xidz , 2014 # lamine Kacimi , 2015 # Khaled Hosny, 2018 @@ -28,8 +29,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-08-16 07:57+0200\n" -"PO-Revision-Date: 2018-08-16 14:42+\n" -"Last-Translator: carolyn \n" +"PO-Revision-Date: 2018-08-26 09:57+\n" +"Last-Translator: Emma Peel\n" "Language-Team: Arabic (http://www.transifex.com/otf/torproject/language/ar/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -271,7 +272,7 @@ msgstr "" #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:519 msgid "This can take several minutes." -msgstr "" +msgstr "ÙÙ Ù٠أ٠Ùستغر٠Ùذا بعض اÙÙÙت..." #: config/chroot_local-includes/usr/local/sbin/tails-additional-software:530 msgid "The installation of your additional software failed" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/abouttor-homepage] Update translations for abouttor-homepage
commit 5958dd8b897ef157b2d6c05d9b67b969e60fed95 Author: Translation commit bot Date: Sun Aug 26 10:15:03 2018 + Update translations for abouttor-homepage --- ar/aboutTor.dtd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ar/aboutTor.dtd b/ar/aboutTor.dtd index 6a71cdd96..bd0d2b38b 100644 --- a/ar/aboutTor.dtd +++ b/ar/aboutTor.dtd @@ -6,7 +6,7 @@ - + @@ -18,8 +18,8 @@ - + - + https://www.torproject.org/getinvolved/volunteer.html.en;> ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal] Update translations for support-portal
commit c6629e4b00ce0529374ed4c04905e1e725326ef9 Author: Translation commit bot Date: Sun Aug 26 07:48:54 2018 + Update translations for support-portal --- contents+es.po | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contents+es.po b/contents+es.po index 97dd5649d..5f7890721 100644 --- a/contents+es.po +++ b/contents+es.po @@ -338,7 +338,7 @@ msgstr "" #: http//localhost/censorship/censorship-4/ #: (content/censorship/censorship-4/contents+en.lrquestion.seo_slug) msgid "cant-connect-to-tor-browser" -msgstr "no-se-puede-conectar-el-navegador-tor-en-una-red-censurada" +msgstr "no-se-puede-conectar-el-navegador-tor" #: http//localhost/https/https-1/ #: (content/https/https-1/contents+en.lrquestion.description) @@ -748,8 +748,8 @@ msgid "" "rights activists, journalists, abuse survivors, and other people who use Tor" " for good things." msgstr "" -"Odiamos que haya personas que usen Tor para hacer cosas terribles, pero no " -"podemos hacer nada para librarnos de ellos sin perjudicar también a los " +"No nos gusta que haya personas que usen Tor para hacer cosas terribles, pero" +" no podemos hacer nada para librarnos de ellos sin perjudicar también a los " "activistas pro derechos humanos, periodistas, supervivientes de abusos, y " "otras personas que usan Tor para cosas buenas." ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal_completed] Update translations for support-portal_completed
commit 05a30f91d9a27e6a07a24dbe96624385d418a867 Author: Translation commit bot Date: Sun Aug 26 07:48:59 2018 + Update translations for support-portal_completed --- contents+es.po | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contents+es.po b/contents+es.po index 97dd5649d..5f7890721 100644 --- a/contents+es.po +++ b/contents+es.po @@ -338,7 +338,7 @@ msgstr "" #: http//localhost/censorship/censorship-4/ #: (content/censorship/censorship-4/contents+en.lrquestion.seo_slug) msgid "cant-connect-to-tor-browser" -msgstr "no-se-puede-conectar-el-navegador-tor-en-una-red-censurada" +msgstr "no-se-puede-conectar-el-navegador-tor" #: http//localhost/https/https-1/ #: (content/https/https-1/contents+en.lrquestion.description) @@ -748,8 +748,8 @@ msgid "" "rights activists, journalists, abuse survivors, and other people who use Tor" " for good things." msgstr "" -"Odiamos que haya personas que usen Tor para hacer cosas terribles, pero no " -"podemos hacer nada para librarnos de ellos sin perjudicar también a los " +"No nos gusta que haya personas que usen Tor para hacer cosas terribles, pero" +" no podemos hacer nada para librarnos de ellos sin perjudicar también a los " "activistas pro derechos humanos, periodistas, supervivientes de abusos, y " "otras personas que usan Tor para cosas buenas." ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal] Update translations for support-portal
commit 76d51441668e6f7f22d14a9aca6df1c9b2ac0100 Author: Translation commit bot Date: Sun Aug 26 07:18:58 2018 + Update translations for support-portal --- contents+es.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contents+es.po b/contents+es.po index 12699a31e..97dd5649d 100644 --- a/contents+es.po +++ b/contents+es.po @@ -4566,7 +4566,7 @@ msgstr "Suscribirse a nuestra lista de correo" #: templates/footer.html:25 msgid "Get monthly updates and opportunities from the Tor Project" -msgstr "Obtener actualizaciones mensuales y oportunidades del Proyecto Tor" +msgstr "Recibir noticias mensuales y oportunidades del Proyecto Tor" #: templates/footer.html:32 msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal_completed] Update translations for support-portal_completed
commit 72be9a69959ce43209012404e244f13c3e80170e Author: Translation commit bot Date: Sun Aug 26 07:19:03 2018 + Update translations for support-portal_completed --- contents+es.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contents+es.po b/contents+es.po index 12699a31e..97dd5649d 100644 --- a/contents+es.po +++ b/contents+es.po @@ -4566,7 +4566,7 @@ msgstr "Suscribirse a nuestra lista de correo" #: templates/footer.html:25 msgid "Get monthly updates and opportunities from the Tor Project" -msgstr "Obtener actualizaciones mensuales y oportunidades del Proyecto Tor" +msgstr "Recibir noticias mensuales y oportunidades del Proyecto Tor" #: templates/footer.html:32 msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/support-portal_completed] Update translations for support-portal_completed
commit 858f0bd16dffd4f571a5b303db6821205a06 Author: Translation commit bot Date: Sun Aug 26 06:49:33 2018 + Update translations for support-portal_completed --- contents+es.po | 119 +++- contents+tr.po | 119 +++- contents.pot | 120 - 3 files changed, 173 insertions(+), 185 deletions(-) diff --git a/contents+es.po b/contents+es.po index c1c100528..12699a31e 100644 --- a/contents+es.po +++ b/contents+es.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-08-25 17:55+CET\n" +"POT-Creation-Date: 2018-08-26 08:16+CET\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: Eduardo Carmona , 2018\n" "Language-Team: Spanish (https://www.transifex.com/otf/teams/1519/es/)\n" @@ -294,11 +294,6 @@ msgstr "" msgid "setting-tor-browser-as-default" msgstr "configurando-tor-por-defecto" -#: http//localhost/tbb/tbb-37/ -#: (content/tbb/tbb-37/contents+en.lrquestion.description) -msgid "We currently offer Tor Browser in the following languages:" -msgstr "Actualmente presentamos el navegador Tor en los siguientes idiomas:" - #: http//localhost/tbb/tbb-15/ #: (content/tbb/tbb-15/contents+en.lrquestion.description) msgid "" @@ -1040,11 +1035,6 @@ msgstr "No recomendamos usar Tor con bittorrent." msgid "* tor.real" msgstr "* tor.real" -#: http//localhost/operators/operators-6/ -#: (content/operators/operators-6/contents+en.lrquestion.description) -msgid "bandwidth caps)" -msgstr "lÃmites al ancho de banda)" - #: http//localhost/connecting/connecting-2/ #: (content/connecting/connecting-2/contents+en.lrquestion.description) msgid "# Common log error #4: Clock skew" @@ -1334,14 +1324,10 @@ msgstr "" msgid "I'm having a problem with NoScript." msgstr "Tengo un problema con NoScript." -#: http//localhost/tbb/tbb-39/ -#: (content/tbb/tbb-39/contents+en.lrquestion.description) -msgid "" -"Sometimes Javascript-heavy websites can have functional issues over Tor " -"Browser." -msgstr "" -"A veces, los sitios con mucho Javascript pueden tener problemas de " -"funcionamiento en el navegador Tor." +#: http//localhost/tbb/tbb-34/ +#: (content/tbb/tbb-34/contents+en.lrquestion.title) +msgid "Why does Tor Browser ship with Javascript enabled?" +msgstr "¿Por qué el Tor Browser viene con JavaScript habilitado?" #: http//localhost/misc/misc-3/ #: (content/misc/misc-3/contents+en.lrquestion.seo_slug) @@ -2024,10 +2010,13 @@ msgstr "" msgid "* For Windows" msgstr "* Para Windows" -#: http//localhost/tbb/tbb-26/ -#: (content/tbb/tbb-26/contents+en.lrquestion.title) -msgid "I'm having a problem with HTTPS Everywhere." -msgstr "Tengo un problema con HTTPS Everywhere." +#: http//localhost/tbb/tbb-37/ +#: (content/tbb/tbb-37/contents+en.lrquestion.description) +msgid "" +"We currently offer https://www.torproject.org/projects/torbrowser.html.en\;>Tor " +"Browser in the following languages:" +msgstr "" #: http//localhost/tbb/tbb-39/ #: (content/tbb/tbb-39/contents+en.lrquestion.seo_slug) @@ -3140,16 +3129,19 @@ msgstr "" msgid "how-to-download-tor-if-torproject-org-is-blocked" msgstr "como-bajarse-el-navegador-tor-si-elproyecto-tor-está-bloqueado" -#: http//localhost/misc/misc-7/ -#: (content/misc/misc-7/contents+en.lrquestion.description) +#: http//localhost/tbb/tbb-1/ +#: (content/tbb/tbb-1/contents+en.lrquestion.description) msgid "" -"A list of all of our software projects can be found on our https://www.torproject.org/projects/projects.html.en\;>projects " -"page." +"If you started having issues with your Tor Browser after an update, check " +"out https://blog.torproject.org\;>blog.torproject.org for the " +"most recent stable Tor Browser post to see if your issue is listed." msgstr "" -"Puedes leer una lista de todos nuestros proyectos de software en la https://www.torproject.org/projects/projects.html.en\;>âpágina de " -"nuestro proyecto." +"Si comenzaste a tener problemas con tu Tor Browser tras actualizar, revisa " +"âhttps://blog.torproject.org\;>blog.torproject.org en busca" +" del artÃculo del Tor Browser estable más reciente para ver si aparece tu " +"problema." #: http//localhost/misc/ (content/misc/contents+en.lrtopic.title) msgid "Misc" @@ -3332,6 +3324,11 @@ msgstr "" "href=\"https://www.torproject.org/projects/torbrowser/design/\;>Para saber " "más sobre el diseño del Tor Browser." +#: http//localhost/tbb/tbb-26/ +#: (content/tbb/tbb-26/contents+en.lrquestion.title) +msgid "I'm having a problem with HTTPS Everywhere." +msgstr "Tengo un problema con HTTPS Everywhere." + #: http//localhost/tormessenger/ #: (content/tormessenger/contents+en.lrtopic.title) msgid "Tor Messenger" @@ -3704,10 +3701,14 @@ msgstr "" "ser capaces de ver que estás usando Tor, pero no sabrán a dónde vas cuando " "lo