r14062@tombo: nickm | 2008-02-08 15:17:07 -0500

 Change DNs in x509 certificates to be harder to fingerprint.  Raise common code.  Refactor random hostname generation into crypto.c


svn:r13429

ChangeLog

@@ -18,6 +18,8 @@ Changes in version 0.2.0.19-alpha - 2008-02-??
   o Minor features (security):
     - Be slightly more paranoid about overwriting sensitive memory on free,
       as a defensive programming tactic to ensure forward secrecy.
+    - Do not include recognizeable strings in the commonname part of
+      Tor's x509 certificates.
 
   o Deprecated features (controller):
     - The status/version/num-versioning and status/version/num-concurring

doc/TODO

@@ -75,6 +75,7 @@ N - Before the feature freeze:
           cert, they adust the client ID.
           o Detect.
           o Adjust.
+        o Better cname and organizationName generation.
       . New revised handshake: post-TLS:
         o start by sending VERSIONS cells
         o once we have a version, send a netinfo and become open

src/common/crypto.c

@@ -1768,6 +1768,37 @@ crypto_rand_uint64(uint64_t max)
   }
 }
 
+/** Generate and return a new random hostname starting with prefix, ending
+ * with suffix, and containing between min_rand_len and max_rand_len random
+ * base32 characters between. */
+char *
+crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix,
+                       const char *suffix)
+{
+  char *result, *rand_bytes;
+  int randlen, resultlen, rand_bytes_len, prefixlen;
+
+  tor_assert(max_rand_len >= min_rand_len);
+  randlen = min_rand_len + crypto_rand_int(max_rand_len - min_rand_len + 1);
+  prefixlen = strlen(prefix);
+  resultlen = prefixlen + strlen(suffix) + randlen + 16;
+
+  rand_bytes_len = ((randlen*5)+7)/8;
+  if (rand_bytes_len % 5)
+    rand_bytes_len += 5 - (rand_bytes_len%5);
+  rand_bytes = tor_malloc(rand_bytes_len);
+  crypto_rand(rand_bytes, rand_bytes_len);
+
+  result = tor_malloc(resultlen);
+  memcpy(result, prefix, prefixlen);
+  base32_encode(result+prefixlen, resultlen-prefixlen,
+                rand_bytes, rand_bytes_len);
+  tor_free(rand_bytes);
+  strlcpy(result+prefixlen+randlen, suffix, resultlen-(prefixlen+randlen));
+
+  return result;
+}
+
 /** Return a randomly chosen element of sl; or NULL if sl is empty.
  */
 void *

src/common/crypto.h

@@ -171,6 +171,9 @@ int crypto_rand(char *to, size_t n);
 int crypto_rand_int(unsigned int max);
 uint64_t crypto_rand_uint64(uint64_t max);
 
+char *crypto_random_hostname(int min_rand_len, int max_rand_len,
+                             const char *prefix, const char *suffix);
+
 struct smartlist_t;
 void *smartlist_choose(const struct smartlist_t *sl);
 void smartlist_shuffle(struct smartlist_t *sl);

src/common/tortls.c

@@ -322,6 +322,24 @@ always_accept_verify_cb(int preverify_ok,
   return 1;
 }
 
+/** Return a newly allocated X509 name with commonName <b>cname</b> */
+static X509_NAME *
+tor_x509_name_new(const char *cname)
+{
+  int nid;
+  X509_NAME *name;
+  if (!(name = X509_NAME_new()))
+    return NULL;
+  if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
+  if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
+                                   (unsigned char*)cname, -1, -1, 0)))
+    goto error;
+  return name;
+ error:
+  X509_NAME_free(name);
+  return NULL;
+}
+
 /** Generate and sign an X509 certificate with the public key <b>rsa</b>,
  * signed by the private key <b>rsa_sign</b>.  The commonName of the
  * certificate will be <b>cname</b>; the commonName of the issuer will be
@@ -340,7 +358,6 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
   EVP_PKEY *sign_pkey = NULL, *pkey=NULL;
   X509 *x509 = NULL;
   X509_NAME *name = NULL, *name_issuer=NULL;
-  int nid;
 
   tor_tls_init();
 
@@ -361,30 +378,11 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
   if (!(ASN1_INTEGER_set(X509_get_serialNumber(x509), (long)start_time)))
     goto error;
 
-  if (!(name = X509_NAME_new()))
-    goto error;
-  if ((nid = OBJ_txt2nid("organizationName")) == NID_undef)
-    goto error;
-  if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
-                                   (unsigned char*)"t o r", -1, -1, 0)))
-    goto error;
-  if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
-  if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
-                                   (unsigned char*)cname, -1, -1, 0)))
+  if (!(name = tor_x509_name_new(cname)))
     goto error;
   if (!(X509_set_subject_name(x509, name)))
     goto error;
-
-  if (!(name_issuer = X509_NAME_new()))
-    goto error;
-  if ((nid = OBJ_txt2nid("organizationName")) == NID_undef)
-    goto error;
-  if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC,
-                                   (unsigned char*)"t o r", -1, -1, 0)))
-    goto error;
-  if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
-  if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC,
-                              (unsigned char*)cname_sign, -1, -1, 0)))
+  if (!(name_issuer = tor_x509_name_new(cname_sign)))
     goto error;
   if (!(X509_set_issuer_name(x509, name_issuer)))
     goto error;
@@ -509,20 +507,19 @@ tor_tls_context_incref(tor_tls_context_t *ctx)
  * the new SSL context.
  */
 int
-tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname,
-                    unsigned int key_lifetime)
+tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
 {
   crypto_pk_env_t *rsa = NULL;
   crypto_dh_env_t *dh = NULL;
   EVP_PKEY *pkey = NULL;
   tor_tls_context_t *result = NULL;
   X509 *cert = NULL, *idcert = NULL;
-  char nn2[128];
-  if (!nickname)
-    nickname = "null";
-  tor_snprintf(nn2, sizeof(nn2), "%s <signing>", nickname);
+  char *nickname = NULL, *nn2 = NULL;
 
   tor_tls_init();
+  nickname = crypto_random_hostname(8, 20, "www.", ".net");
+  nn2 = crypto_random_hostname(8, 20, "www.", ".net");
+  log_notice(LD_NET, "<%s> <%s>", nickname, nn2);
 
   /* Generate short-term RSA key. */
   if (!(rsa = crypto_new_pk_env()))
@@ -594,10 +591,14 @@ tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname,
   global_tls_context = result;
   if (rsa)
     crypto_free_pk_env(rsa);
+  tor_free(nickname);
+  tor_free(nn2);
   return 0;
 
  error:
   tls_log_errors(LOG_WARN, "creating TLS context");
+  tor_free(nickname);
+  tor_free(nn2);
   if (pkey)
     EVP_PKEY_free(pkey);
   if (rsa)

src/common/tortls.h

@@ -47,8 +47,7 @@ typedef struct tor_tls_t tor_tls_t;
 const char *tor_tls_err_to_string(int err);
 
 void tor_tls_free_all(void);
-int tor_tls_context_new(crypto_pk_env_t *rsa,
-                        const char *nickname, unsigned int key_lifetime);
+int tor_tls_context_new(crypto_pk_env_t *rsa, unsigned int key_lifetime);
 tor_tls_t *tor_tls_new(int sock, int is_server);
 void tor_tls_set_renegotiate_callback(tor_tls_t *tls,
                                       void (*cb)(tor_tls_t *, void *arg),

src/or/dns.c

@@ -1418,22 +1418,14 @@ evdns_wildcard_check_callback(int result, char type, int count, int ttl,
 static void
 launch_wildcard_check(int min_len, int max_len, const char *suffix)
 {
-  char random_bytes[20], name[64], *addr;
-  size_t len;
+  char *addr;
   int r;
 
-  len = min_len + crypto_rand_int(max_len-min_len+1);
-  if (crypto_rand(random_bytes, sizeof(random_bytes)) < 0)
-    return;
-  base32_encode(name, sizeof(name), random_bytes, sizeof(random_bytes));
-  name[len] = '\0';
-  strlcat(name, suffix, sizeof(name));
-
+  addr = crypto_random_hostname(min_len, max_len, "", suffix);
   log_info(LD_EXIT, "Testing whether our DNS server is hijacking nonexistent "
-           "domains with request for bogus hostname \"%s\"", name);
+           "domains with request for bogus hostname \"%s\"", addr);
 
-  addr = tor_strdup(name);
-  r = evdns_resolve_ipv4(name, DNS_QUERY_NO_SEARCH,
+  r = evdns_resolve_ipv4(addr, DNS_QUERY_NO_SEARCH,
                          evdns_wildcard_check_callback, addr);
   if (r)
     tor_free(addr);

src/or/main.c

@@ -886,8 +886,7 @@ run_scheduled_events(time_t now)
     last_rotated_x509_certificate = now;
   if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) {
     log_info(LD_GENERAL,"Rotating tls context.");
-    if (tor_tls_context_new(get_identity_key(), options->Nickname,
-                            MAX_SSL_KEY_LIFETIME) < 0) {
+    if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) {
       log_warn(LD_BUG, "Error reinitializing TLS context");
       /* XXX is it a bug here, that we just keep going? -RD */
     }

src/or/router.c

@@ -403,9 +403,7 @@ init_keys(void)
     }
     set_identity_key(prkey);
     /* Create a TLS context; default the client nickname to "client". */
-    if (tor_tls_context_new(get_identity_key(),
-                            options->Nickname ? options->Nickname : "client",
-                            MAX_SSL_KEY_LIFETIME) < 0) {
+    if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) {
       log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
       return -1;
     }
@@ -483,8 +481,7 @@ init_keys(void)
   tor_free(keydir);
 
   /* 3. Initialize link key and TLS context. */
-  if (tor_tls_context_new(get_identity_key(), options->Nickname,
-                          MAX_SSL_KEY_LIFETIME) < 0) {
+  if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) {
     log_err(LD_GENERAL,"Error initializing TLS context");
     return -1;
   }