From patchwork Wed Nov 4 21:28:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 3640 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CRKXR0T74z3wl7 for ; Wed, 4 Nov 2020 21:28:55 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CRKXQ54C2z1Fp; Wed, 4 Nov 2020 21:28:54 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CRKXQ4bFDz2yMv; Wed, 4 Nov 2020 21:28:54 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CRKXP1MwSz2xd0 for ; Wed, 4 Nov 2020 21:28:53 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CRKXN1k83zsJ for ; Wed, 4 Nov 2020 21:28:52 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1604525332; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fcXV1QkKhMEUXl61QBX4jHHx9kseD3UWPGR7JKLlV84=; b=5/S84KvPvA+Kt2g1sOVOxbGSkREiK9frZCRPG5+crX8ZeoWztl+dqJbQcr1X3FRjdSAo3O sOQ2N0E6Ikgy+QCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1604525332; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fcXV1QkKhMEUXl61QBX4jHHx9kseD3UWPGR7JKLlV84=; b=aT/wA60dgFnWi2uCU0dTrv+YE3G7sI1S3j2YUuO73XF/JnlQerh5sEp1SWjjLWjDIB6svq WRN2TRnrf5lhUHF4bMvqlSDu6TNuVzlyeKLnMHuBX2ma+/PWlQ5K5WCFWgrJZzEBX6dVO/ bvFBeyDUHy57Zpu5ByOUlMfKz4Sh2taCuE76xANg3Crvao6lk31yrCTh3Dw33s+W/8u3Ad KBtAgzFqQgqUgZDSNAjpvZ+h3WG3nXrpQ7D2cNqNdO+ouVkSM1wPQ61ZnTq76NjxCVWkMS DYkkSIYqsG/DDgKWujTuLXd/Fl3Iq6lVIweH9uZQtEZTOPrLifoYZw5DEho3Sg== Subject: [PATCH 2/4] Tor: allow enforcing distinct Guard relays or countries To: development@lists.ipfire.org References: <88bdbdd4-1418-1be0-6240-3123ca64c00c@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Wed, 4 Nov 2020 22:28:50 +0100 MIME-Version: 1.0 In-Reply-To: <88bdbdd4-1418-1be0-6240-3123ca64c00c@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" In order to make deanonymisation harder, especially high-risk Tor users might want to use certain Guard relays only (for example operated by people they trust), enforce Tor to use Guard relays in certain countries only (for example countries with very strict data protection laws or poor diplomatic relations), or avoid Guard relays in certain countries entirely. Since Tor sticks to sampled Guards for a long time (usually within the range of months), restricting those is believed to cause less harm to a users' anonymity than restricting Exit relays, since their diversity of a generic Tor user is significantly higher. This patch extends the Tor CGI for restricting Guard nodes to certain countries or relays matching certain fingerprints. Signed-off-by: Peter Müller --- html/cgi-bin/tor.cgi | 93 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 90 insertions(+), 3 deletions(-) diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi index 3db4bc22c..74fa36247 100644 --- a/html/cgi-bin/tor.cgi +++ b/html/cgi-bin/tor.cgi @@ -99,6 +99,8 @@ $settings{'TOR_ENABLED'} = 'off'; $settings{'TOR_SOCKS_PORT'} = 9050; $settings{'TOR_EXIT_COUNTRY'} = ''; $settings{'TOR_USE_EXIT_NODES'} = ''; +$settings{'TOR_GUARD_COUNTRY'} = ''; +$settings{'TOR_USE_GUARD_NODES'} = ''; $settings{'TOR_ALLOWED_SUBNETS'} = "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}"; if (&Header::blue_used()) { $settings{'TOR_ALLOWED_SUBNETS'} .= ",$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}"; @@ -181,6 +183,15 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { } } + @temp = split(/[\n,]/,$settings{'TOR_USE_GUARD_NODES'}); + $settings{'TOR_USE_GUARD_NODES'} = ""; + foreach (@temp) { + s/^\s+//g; s/\s+$//g; + if ($_) { + $settings{'TOR_USE_GUARD_NODES'} .= $_.","; + } + } + # Burst bandwidth must be less or equal to bandwidth rate. if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} == 0) { $settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0; @@ -284,6 +295,9 @@ END @temp = split(",", $settings{'TOR_USE_EXIT_NODES'}); $settings{'TOR_USE_EXIT_NODES'} = join("\n", @temp); + @temp = split(",", $settings{'TOR_USE_GUARD_NODES'}); + $settings{'TOR_USE_GUARD_NODES'} = join("\n", @temp); + print <
@@ -306,8 +320,57 @@ END -
-
+
+
+ + + + + + + + + + + + + +
$Lang::tr{'tor guard nodes'}
$Lang::tr{'tor use guard nodes'}:
+ + +
+ +
+
@@ -323,7 +386,7 @@ END END - # Convert Exit/Guard country strings into lists to make comparison easier + # Convert Exit country strings into lists to make comparison easier my @exit_countries; if ($settings{'TOR_EXIT_COUNTRY'} ne '') { @exit_countries = split(/\|/, $settings{'TOR_EXIT_COUNTRY'}); @@ -683,6 +746,30 @@ sub BuildConfiguration() { } print FILE "SocksPolicy reject *\n" if (@subnets); + if ($settings{'TOR_GUARD_COUNTRY'} ne '') { + $strict_nodes = 1; + my $countrylist; + + for my $singlecountry (split(/\|/, $settings{'TOR_GUARD_COUNTRY'})) { + if ($countrylist eq '') { + $countrylist = "{" . lc $singlecountry . "}"; + } else { + $countrylist = $countrylist . "," . "{" . lc $singlecountry . "}"; + } + } + + print FILE "EntryNodes $countrylist\n"; + } + + if ($settings{'TOR_USE_GUARD_NODES'} ne '') { + $strict_nodes = 1; + + my @nodes = split(",", $settings{'TOR_USE_GUARD_NODES'}); + foreach (@nodes) { + print FILE "EntryNode $_\n"; + } + } + if ($settings{'TOR_EXIT_COUNTRY'} ne '') { $strict_nodes = 1; my $countrylist;