
Merge remote-tracking branch 'origin/maint-0.2.4'

Nick Mathewson 10 years ago
parent
commit
6178aaea06
7 changed files with 57 additions and 17 deletions
  1. 14 0
      changes/no_client_timestamps_024
  2. 11 1
      doc/tor.1.txt
  3. 1 0
      src/or/config.c
  4. 8 15
      src/or/connection_or.c
  5. 3 0
      src/or/or.h
  6. 19 1
      src/or/rendclient.c
  7. 1 0
      src/or/rendservice.c

+ 14 - 0
changes/no_client_timestamps_024

@@ -0,0 +1,14 @@
+  o Minor features (security, timestamp avoidance, proposal 222):
+    - Clients no longer send timestamps in their NETINFO cells.  These were
+      not used for anything, and they provided one small way for clients
+      to be distinguished from each other as they moved from network to
+      network or behind NAT. Implements part of proposal 222.
+    - Clients now round timestamps in INTRODUCE cells down to the nearest
+      10 minutes.  If a new Support022HiddenServices option is set to 0,
+      or if it's set to "auto" and the feature is disabled in the consensus,
+      the timestamp is sent as 0 instead. Implements part of proposal 222.
+    - Stop sending timestamps in AUTHENTICATE cells. This is not such
+      a big deal from a security point of view, but it achieves no actual
+      good purpose, and isn't needed. Implements part of proposal 222.
+    - Reduce down accuracy of timestamps in hidden service descriptors.
+      Implements part of proposal 222.

+ 11 - 1
doc/tor.1.txt

@@ -372,7 +372,8 @@ GENERAL OPTIONS
 
 **DisableDebuggerAttachment** **0**|**1**::
    If set to 1, Tor will attempt to prevent basic debugging attachment attempts
-   by other processes. It has no impact for users who wish to attach if they
+   by other processes. This may also keep Tor from generating core files if
+   it crashes. It has no impact for users who wish to attach if they
    have CAP_SYS_PTRACE or if they are root.  We believe that this feature
    works on modern Gnu/Linux distributions, and that it may also work on *BSD
    systems (untested).  Some modern Gnu/Linux systems such as Ubuntu have the
@@ -1356,6 +1357,15 @@ The following options are useful only for clients (that is, if
     Tor will use a default value chosen by the directory
     authorities. (Default: -1.)
 
+**Support022HiddenServices** **0**|**1**|**auto**::
+    Tor hidden services running versions before 0.2.3.x required clients to
+    send timestamps, which can potentially be used to distinguish clients
+    whose view of the current time is skewed. If this option is set to 0, we
+    do not send this timestamp, and hidden services on obsolete Tor versions
+    will not work.  If this option is set to 1, we send the timestamp.  If
+    this optoin is "auto", we take a recommendation from the latest consensus
+    document. (Default: auto)
+
 
 SERVER OPTIONS
 --------------

+ 1 - 0
src/or/config.c

@@ -393,6 +393,7 @@ static config_var_t option_vars_[] = {
   V(SSLKeyLifetime,              INTERVAL, "0"),
   OBSOLETE("StatusFetchPeriod"),
   V(StrictNodes,                 BOOL,     "0"),
+  V(Support022HiddenServices,    AUTOBOOL, "auto"),
   OBSOLETE("SysLog"),
   V(TestSocks,                   BOOL,     "0"),
   OBSOLETE("TestVia"),

+ 8 - 15
src/or/connection_or.c

@@ -2121,8 +2121,9 @@ connection_or_send_netinfo(or_connection_t *conn)
   memset(&cell, 0, sizeof(cell_t));
   cell.command = CELL_NETINFO;
 
-  /* Timestamp. */
-  set_uint32(cell.payload, htonl((uint32_t)now));
+  /* Timestamp, if we're a relay. */
+  if (! conn->handshake_state->started_here)
+    set_uint32(cell.payload, htonl((uint32_t)now));
 
   /* Their address. */
   out = cell.payload + 4;
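Review bot: The new comment says the timestamp is sent "if we're a relay", but the added condition tests `conn->handshake_state->started_here`, which is the side that opened the connection, not the node's role. As written, a relay that initiates a connection to another relay would presumably also leave the field at zero, so receivers must tolerate a zero timestamp from relays too. I would reword the comment to `/* Timestamp, only when the peer initiated this connection. */` so the direction-based rule is explicit. The added line also dereferences `conn->handshake_state` with no check visible here; the function body starts outside the hunk, so confirm it is asserted non-NULL earlier.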
@@ -2356,19 +2357,11 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
   if (server)
     return V3_AUTH_FIXED_PART_LEN; // ptr-out
 
-  /* Time: 8 octets. */
-  {
-    uint64_t now = time(NULL);
-    if ((time_t)now < 0)
-      return -1;
-    set_uint32(ptr, htonl((uint32_t)(now>>32)));
-    set_uint32(ptr+4, htonl((uint32_t)now));
-    ptr += 8;
-  }
-
-  /* Nonce: 16 octets. */
-  crypto_rand((char*)ptr, 16);
-  ptr += 16;
+  /* 8 octets were reserved for the current time, but we're trying to get out
+   * of the habit of sending time around willynilly.  Fortunately, nothing
+   * checks it.  That's followed by 16 bytes of nonce. */
+  crypto_rand((char*)ptr, 24);
+  ptr += 24;
 
   tor_assert(ptr - out == V3_AUTH_BODY_LEN);
 
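Review bot: The literal `24` in `crypto_rand((char*)ptr, 24);` and `ptr += 24;` merges the 8-octet former time field with the 16-octet nonce, so the cell layout is now recoverable only from the comment. Writing it as `crypto_rand((char*)ptr, 8 + 16);` or with two named constants would keep the layout checkable against `V3_AUTH_BODY_LEN` in the assert below. The comment's claim that "nothing checks it" should point to the receiving code or spec section, since a peer that did validate those 8 octets as a time would now see random values. The function starts outside this hunk.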

+ 3 - 0
src/or/or.h

@@ -4219,6 +4219,9 @@ typedef struct {
 
   /** How long (seconds) do we keep a guard before picking a new one? */
   int GuardLifetime;
+
+  /** Should we send the timestamps that pre-023 hidden services want? */
+  int Support022HiddenServices;
 } or_options_t;
 
 /** Persistent state for an onion router, as saved to disk. */
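Review bot: The doc comment on `Support022HiddenServices` does not say what values the `int` holds. The option is registered as `AUTOBOOL` with default "auto" in config.c, and `rend_client_should_send_timestamp()` treats a negative value as "ask the consensus". Suggested comment: `/** Should we send the timestamps that pre-023 hidden services want? 1 for yes, 0 for no, negative for "auto" (follow the consensus parameter). */`.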

+ 19 - 1
src/or/rendclient.c

@@ -16,6 +16,7 @@
 #include "connection_edge.h"
 #include "directory.h"
 #include "main.h"
+#include "networkstatus.h"
 #include "nodelist.h"
 #include "relay.h"
 #include "rendclient.h"
@@ -127,6 +128,16 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ)
   return result;
 }
 
+/** Return true iff we should send timestamps in our INTRODUCE1 cells */
+static int
+rend_client_should_send_timestamp(void)
+{
+  if (get_options()->Support022HiddenServices >= 0)
+    return get_options()->Support022HiddenServices;
+
+  return networkstatus_get_param(NULL, "Support022HiddenServices", 1, 0, 1);
+}
+
 /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
  * down introcirc if possible.
  */
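Review bot: The doc comment on `rend_client_should_send_timestamp()` omits the fallback that matters for privacy. With the option on "auto", the `networkstatus_get_param(NULL, "Support022HiddenServices", 1, 0, 1)` call appears to default to 1, so the timestamp is still sent whenever the consensus carries no such parameter. I would document that, e.g. `/** Return true iff we should send timestamps in our INTRODUCE1 cells: the Support022HiddenServices option if it is 0 or 1, else the consensus parameter of the same name (default 1). */`. Reading `get_options()` once into a local would also avoid the repeated call.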
@@ -238,7 +249,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
              REND_DESC_COOKIE_LEN);
       v3_shift += 2+REND_DESC_COOKIE_LEN;
     }
-    set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
+    if (rend_client_should_send_timestamp()) {
+      time_t now = (uint32_t)time(NULL);
+      now += 300;
+      now -= now % 600;
+      set_uint32(tmp+v3_shift+1, htonl(now));
+    } else {
+      set_uint32(tmp+v3_shift+1, 0);
+    }
     v3_shift += 4;
   } /* if version 2 only write version number */
   else if (entry->parsed->protocols & (1<<2)) {
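Review bot: The added block rounds to the nearest 10 minutes (`now += 300; now -= now % 600;`), whereas the changes file in this commit says the timestamp is rounded down. The value sent can therefore be up to five minutes ahead of the client's clock. Whichever is intended, a comment such as `/* Round to the nearest 10 minutes. */` should state it, and the changes entry should agree. `now` is declared `time_t` after a `(uint32_t)` cast and then passed to `htonl()` uncast; `uint32_t now = (uint32_t)time(NULL);` keeps the arithmetic and the conversion in one width. The enclosing function starts and ends outside the hunk.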

+ 1 - 0
src/or/rendservice.c

@@ -593,6 +593,7 @@ rend_service_update_descriptor(rend_service_t *service)
   d = service->desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
   d->pk = crypto_pk_dup_key(service->private_key);
   d->timestamp = time(NULL);
+  d->timestamp -= d->timestamp % 3600; /* Round down to nearest hour */
   d->intro_nodes = smartlist_new();
   /* Support intro protocols 2 and 3. */
   d->protocols = (1 << 2) + (1 << 3);