
[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] 2 commits: Bug 1817756 - Add a seed to the network ID. r=valentin, necko-reviewers




Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser

Commits:

  • 3dd7b20a
    by Pier Angelo Vendrame at 2023-02-22T09:55:31+01:00
    Bug 1817756 - Add a seed to the network ID. r=valentin,necko-reviewers
    
    This helps to prevent linkability of users in the same network.
    
    Differential Revision: https://phabricator.services.mozilla.com/D170373
  • e8982629
    by Pier Angelo Vendrame at 2023-02-22T09:59:38+01:00
    Bug 41599: Always return an empty string as network ID
    
    Firefox computes an internal network ID used to detect network changes
    and act consequently (e.g., to improve WebSocket UX).
    However, there are a few ways to get this internal network ID, so we
    patch them out, to be sure any new code will not be able to use them and
    possibly link users.
    
    We also sent a patch to Mozilla to seed the internal network ID, to
    prevent any accidental leak in the future.
    Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1817756
    

8 changed files:

Changes:

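--- a/netwerk/system/LinkServiceCommon.cpp
+++ b/netwerk/system/LinkServiceCommon.cpp
@@ -0,0 +1,30 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "LinkServiceCommon.h"
+
+#include "mozilla/Maybe.h"
+#include "mozilla/SHA1.h"
+#include "mozilla/TimeStamp.h"
+#include "nsID.h"
+
+using namespace mozilla;
+
+void SeedNetworkId(SHA1Sum& aSha1) {
+  static Maybe<nsID> seed = ([]() {
+    Maybe<nsID> uuid(std::in_place);
+    if (NS_FAILED(nsID::GenerateUUIDInPlace(*uuid))) {
+      uuid.reset();
+    }
+    return uuid;
+  })();
+  if (seed) {
+    aSha1.update(seed.ptr(), sizeof(*seed));
+  } else {
+    TimeStamp timestamp = TimeStamp::ProcessCreation();
+    aSha1.update(&timestamp, sizeof(timestamp));
+  }
+}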
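Review bot: The `else` branch of `SeedNetworkId` falls back to `TimeStamp::ProcessCreation()` when `nsID::GenerateUUIDInPlace` fails, and a process start time is guessable rather than secret, so on that path the seed protects against linking users far less than the UUID does. The branch also feeds the raw object bytes (`&timestamp, sizeof(timestamp)`) into the hash, so the input depends on the in-memory layout of `TimeStamp`, which this file does not control. I would at least record the downgrade above the branch, e.g. `// Fallback only: process creation time is guessable, so this seed is weaker than the UUID one.` Whether a failed UUID generation should instead suppress the ID entirely depends on the callers, which are outside this file.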

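--- a/netwerk/system/LinkServiceCommon.h
+++ b/netwerk/system/LinkServiceCommon.h
@@ -0,0 +1,17 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef LINK_SERVICE_COMMON_H_
+#define LINK_SERVICE_COMMON_H_
+
+namespace mozilla {
+class SHA1Sum;
+}
+
+// Add a seed to the computed network ID to prevent user linkability.
+void SeedNetworkId(mozilla::SHA1Sum& aSha1);
+
+#endif  // LINK_SERVICE_COMMON_H_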
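Review bot: The comment on `SeedNetworkId` states the purpose but not the contract a caller depends on. Going by the implementation in LinkServiceCommon.cpp, the seed is a function-local `static` generated once per process and mixed in through `aSha1.update`, so the call has to come before `finish()` and the resulting ID will differ between runs. Suggested wording: `// Mixes a per-process random seed into aSha1; call before finish(). The resulting ID is not stable across restarts.`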

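--- a/netwerk/system/android/nsAndroidNetworkLinkService.cpp
+++ b/netwerk/system/android/nsAndroidNetworkLinkService.cpp
@@ -123,11 +123,15 @@ nsAndroidNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
 
 NS_IMETHODIMP
 nsAndroidNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
+#ifdef BASE_BROWSER
+  aNetworkID.Truncate();
+#else
   if (!mNetlinkSvc) {
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   mNetlinkSvc->GetNetworkID(aNetworkID);
+#endif
   return NS_OK;
 }
 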
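Review bot: The `#ifdef BASE_BROWSER` branch in `GetNetworkID` carries no comment saying why the ID is discarded, so a later upstream merge or cleanup could drop it without anyone noticing its privacy purpose. I would add `// Bug 41599: never expose the network ID, it can be used to link users.` above `aNetworkID.Truncate();`. The same uncommented branch is added in linux/nsNetworkLinkService.cpp, mac/nsNetworkLinkService.mm, netlink/NetlinkService.cpp and win32/nsNotifyAddrListener.cpp. Here and in the linux file the branch also returns `NS_OK` with an empty string when `mNetlinkSvc` is null, where the `#else` path returns `NS_ERROR_NOT_AVAILABLE`; that looks intended, but the comment should say so.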
    

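--- a/netwerk/system/linux/nsNetworkLinkService.cpp
+++ b/netwerk/system/linux/nsNetworkLinkService.cpp
@@ -50,11 +50,15 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
 
 NS_IMETHODIMP
 nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
+#ifdef BASE_BROWSER
+  aNetworkID.Truncate();
+#else
   if (!mNetlinkSvc) {
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   mNetlinkSvc->GetNetworkID(aNetworkID);
+#endif
   return NS_OK;
 }
 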
     
    

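--- a/netwerk/system/mac/nsNetworkLinkService.mm
+++ b/netwerk/system/mac/nsNetworkLinkService.mm
@@ -35,6 +35,7 @@
 #include "mozilla/Telemetry.h"
 #include "nsNetworkLinkService.h"
 #include "../../base/IPv6Utils.h"
+#include "../LinkServiceCommon.h"
 #include "../NetworkLinkServiceDefines.h"
 
 #import <Cocoa/Cocoa.h>
@@ -122,8 +123,12 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
 
 NS_IMETHODIMP
 nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
+#ifdef BASE_BROWSER
+  aNetworkID.Truncate();
+#else
   MutexAutoLock lock(mMutex);
   aNetworkID = mNetworkId;
+#endif
   return NS_OK;
 }
 
@@ -600,11 +605,8 @@ void nsNetworkLinkService::calculateNetworkIdInternal(void) {
   bool found6 = IPv6NetworkId(&sha1);
 
   if (found4 || found6) {
-    // This 'addition' could potentially be a fixed number from the
-    // profile or something.
-    nsAutoCString addition("local-rubbish");
     nsAutoCString output;
-    sha1.update(addition.get(), addition.Length());
+    SeedNetworkId(sha1);
     uint8_t digest[SHA1Sum::kHashSize];
     sha1.finish(digest);
     nsAutoCString newString(reinterpret_cast<char*>(digest), SHA1Sum::kHashSize);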
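Review bot: Only the getter is stubbed out: `calculateNetworkIdInternal` still computes the seeded hash in `BASE_BROWSER` builds, and it is presumably still kept in `mNetworkId`, the member the `#else` branch of `GetNetworkID` reads. Any other reader of `mNetworkId`, `output` or `newString` (logging, or telemetry given the `mozilla/Telemetry.h` include) lies outside these hunks and should be checked. The same applies to `NetlinkService::CalculateNetworkID` and `nsNotifyAddrListener::calculateNetworkId`. A comment at the call would record the expectation, e.g. `// Seeded per process; under BASE_BROWSER this ID must not leave this class.` The body of `calculateNetworkIdInternal` continues past the end of the hunk.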
    

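--- a/netwerk/system/moz.build
+++ b/netwerk/system/moz.build
@@ -15,3 +15,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] == "android":
 
 elif CONFIG["OS_ARCH"] == "Linux":
     DIRS += ["linux", "netlink"]
+
+SOURCES += [
+    "LinkServiceCommon.cpp",
+]
+
+FINAL_LIBRARY = "xul"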

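--- a/netwerk/system/netlink/NetlinkService.cpp
+++ b/netwerk/system/netlink/NetlinkService.cpp
@@ -18,6 +18,7 @@
 #include "nsPrintfCString.h"
 #include "mozilla/Logging.h"
 #include "../../base/IPv6Utils.h"
+#include "../LinkServiceCommon.h"
 #include "../NetworkLinkServiceDefines.h"
 
 #include "mozilla/Base64.h"
@@ -1812,11 +1813,8 @@ void NetlinkService::CalculateNetworkID() {
   bool found6 = CalculateIDForFamily(AF_INET6, &sha1);
 
   if (found4 || found6) {
-    // This 'addition' could potentially be a fixed number from the
-    // profile or something.
-    nsAutoCString addition("local-rubbish");
     nsAutoCString output;
-    sha1.update(addition.get(), addition.Length());
+    SeedNetworkId(sha1);
     uint8_t digest[SHA1Sum::kHashSize];
     sha1.finish(digest);
     nsAutoCString newString(reinterpret_cast<char*>(digest),
@@ -1877,8 +1875,12 @@ void NetlinkService::CalculateNetworkID() {
 }
 
 void NetlinkService::GetNetworkID(nsACString& aNetworkID) {
+#ifdef BASE_BROWSER
+  aNetworkID.Truncate();
+#else
   MutexAutoLock lock(mMutex);
   aNetworkID = mNetworkId;
+#endif
 }
 
 nsresult NetlinkService::GetDnsSuffixList(nsTArray<nsCString>& aDnsSuffixList) {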
    

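--- a/netwerk/system/win32/nsNotifyAddrListener.cpp
+++ b/netwerk/system/win32/nsNotifyAddrListener.cpp
@@ -45,6 +45,7 @@
 #include "mozilla/Base64.h"
 #include "mozilla/ScopeExit.h"
 #include "mozilla/Telemetry.h"
+#include "../LinkServiceCommon.h"
 #include <iptypes.h>
 #include <iphlpapi.h>
 
@@ -104,8 +105,12 @@ nsNotifyAddrListener::GetLinkType(uint32_t* aLinkType) {
 
 NS_IMETHODIMP
 nsNotifyAddrListener::GetNetworkID(nsACString& aNetworkID) {
+#ifdef BASE_BROWSER
+  aNetworkID.Truncate();
+#else
   MutexAutoLock lock(mMutex);
   aNetworkID = mNetworkId;
+#endif
   return NS_OK;
 }
 
@@ -248,7 +253,7 @@ void nsNotifyAddrListener::calculateNetworkId(void) {
   nsAutoCString output;
   SHA1Sum::Hash digest;
   HashSortedNetworkIds(nwGUIDS, sha1);
-
+  SeedNetworkId(sha1);
   sha1.finish(digest);
   nsCString newString(reinterpret_cast<char*>(digest), SHA1Sum::kHashSize);
   nsresult rv = Base64Encode(newString, output);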
    
