From ea4dbf603f42b3154cc63e67529b1dc07e40c688 Mon Sep 17 00:00:00 2001 From: Arvid Norberg Date: Thu, 29 Aug 2013 17:00:25 +0000 Subject: [PATCH] regenerate html --- docs/dht_sec.html | 49 +++++++++++-------- docs/running_tests.html | 48 +++---------------- docs/todo.html | 104 ++++++++++++++++++++-------------------- 3 files changed, 86 insertions(+), 115 deletions(-) diff --git a/docs/dht_sec.html b/docs/dht_sec.html index add59c351..f94e88888 100644 --- a/docs/dht_sec.html +++ b/docs/dht_sec.html @@ -3,7 +3,7 @@ - + BitTorrent DHT security extension @@ -55,13 +55,13 @@

Table of contents

@@ -107,19 +107,22 @@ forced to run their DHT nodes on the same node ID.

In order to avoid the number node IDs controlled to grow linearly by the number of IPs, as well as allowing more than one node ID per external IP, the node ID can be restricted at each class level of the IP.

+

Another important property of the restriction put on node IDs is that the +distribution of the IDs remoain uniform. This is why CRC32 was chosen +as the hash function. See comparisons of hash functions.

The expression to calculate a valid ID prefix (from an IPv4 address) is:

-sha1((ip & 0x01071f7f) .. r)
+crc32((ip & 0x01071f7f) .. r)
 

And for an IPv6 address (ip is the high 64 bits of the address):

-sha1((ip & 0x000103070f1f3f7f) ..  r)
+crc32((ip & 0x000103070f1f3f7f) ..  r)
 

r is a random number in the range [0, 7]. The resulting integer, representing the masked IP address is supposed to be big-endian before hashed. The ".." means concatenation.

The details of implementing this is to evaluate the expression, store the -result in a big endian 64 bit integer and hash those 8 bytes with SHA-1.

+result in a big endian 64 bit integer and hash those 8 bytes with CRC32.

The first 4 bytes of the node ID used in the DHT MUST match the first 4 bytes in the resulting hash. The last byte of the hash MUST match the random number (r) used to generate the hash.
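
Review bot: The added rationale and both new expressions say only "CRC32" without naming the polynomial or a reference implementation, and every node has to compute the same 4-byte prefix for the check to interoperate; please name the variant next to `crc32((ip & 0x01071f7f) .. r)`. The added text also has a typo ("remoain" should be "remain"). Two sentences still read as if the digest were 20 bytes long: "hash those 8 bytes with CRC32" describes a 64 bit input even for the IPv4 expression with its 32 bit mask, and the unchanged "The last byte of the hash MUST match the random number (r)" cannot hold for a 4-byte CRC whose bytes are all used as the ID prefix. Suggest rewording the latter to refer to the last byte of the node ID.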

@@ -138,13 +141,17 @@ uint8_t* mask = num_octets == 4 ? v4_mask : v8_mask; for (int i = 0; i < num_octets; ++i) ip[i] &= mask[i]; -SHA_CTX ctx; -SHA1_Init(&ctx); -SHA1_Update(&ctx, (unsigned char*)ip, num_octets); uint32_t rand = rand() & 0xff; uint8_t r = rand & 0x7; -SHA1_Update(&ctx, (unsigned char*)&r, 1); -SHA1_Final(&ctx, node_id); + +uint32_t crc = crc32(0, NULL, 0); +crc = crc32(crc, ip, num_octets); +crc = crc32(crc, &r, 1); + +node_id[0] = (crc >> 24) & 0xff; +node_id[1] = (crc >> 16) & 0xff; +node_id[2] = (crc >> 8) & 0xff; +node_id[3] = crc & 0xff; for (int i = 4; i < 19; ++i) node_id[i] = std::rand(); node_id[19] = rand; @@ -152,11 +159,11 @@ node_id[19] = rand;
 IP           rand  example node ID
 ============ ===== ==========================================
-124.31.75.21   1   f766f9f5 0c5d6a4ec8a88e4c6ab4c28b95eee4 01
-21.75.31.124  86   7ee04779 4e7a08645677bbd1cfe7d8f956d532 56
-65.23.51.170  22   76a626ff bc8f112a3d426c84764f8c2a1150e6 16
-84.124.73.14  65   beb4e619 1bb1fe518101ceef99462b947a01ff 41
-43.213.53.83  90   ace5613a 5b7c4be0237986d5243b87aa6d5130 5a
+124.31.75.21   1   1712f6c7 0c5d6a4ec8a88e4c6ab4c28b95eee4 01
+21.75.31.124  86   946406c1 4e7a08645677bbd1cfe7d8f956d532 56
+65.23.51.170  22   fefd9220 bc8f112a3d426c84764f8c2a1150e6 16
+84.124.73.14  65   af1546dd 1bb1fe518101ceef99462b947a01ff 41
+43.213.53.83  90   a9e920bf 5b7c4be0237986d5243b87aa6d5130 5a
 

The bold parts of the node ID are the important parts. The rest are random numbers.
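
Review bot: The input to `crc32()` in the new snippet does not match the prose earlier in this file: `crc = crc32(crc, ip, num_octets);` followed by `crc = crc32(crc, &r, 1);` hashes 5 bytes for IPv4 and 9 for IPv6, while the text says to store the expression in a big endian 64 bit integer and hash those 8 bytes. Please make the two agree and say which layout produced the new example IDs, ideally by listing the exact bytes hashed for one row so an implementer can check a vector by hand. The unchanged line `uint32_t rand = rand() & 0xff;` is also worth fixing while this snippet is being touched: the local name is already in scope in its own initializer, so it hides the function it is meant to call; renaming the variable avoids that. In the table, the rand column is decimal while the last byte of each ID is hex (86 versus 56), which is worth a column label, and there is no IPv6 example for the second mask.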

diff --git a/docs/running_tests.html b/docs/running_tests.html index 1ebe173e3..24baf8471 100644 --- a/docs/running_tests.html +++ b/docs/running_tests.html @@ -3,7 +3,7 @@ - + libtorrent manual @@ -53,36 +53,15 @@

running and building tests

-

Some of the tests of libtorrent are not self contained. For instance, in -order to test the http_connection class in libtorrent, the test requires -lighty. This document outlines the requirements of the tests as well as -describes how to set up your environment to be able to run them.

-
-
-

lighty

-

Download lighty. I've tested with lighttpd-1.4.19. If libtorrent is built -with SSL support (which it is by default), lighty needs SSL support as well.

-

To build lighty with SSL support do:

-
-./configure --with-openssl
-
-

Followed by:

-
-sudo make install
-
-

Make sure you have SSL support in lighty by running:

-
-lighttpd -V
-
-

Which gives you a list of all enabled features.

+

The tests for SOCKS and HTTP proxy relies on delegate being installed +to set up test proxies. This document outlines the requirements of the +tests as well as describes how to set up your environment to be able to run them.

delegate
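
Review bot: The commit subject "regenerate html" does not mention that this hunk drops the entire lighty section (the `./configure --with-openssl` build, `sudo make install` and the `lighttpd -V` check); if the tests no longer depend on lighty, the commit message or the new intro paragraph should say so, otherwise readers of older branches lose the setup steps without explanation. In the added sentence, "relies" should be "rely" ("The tests for SOCKS and HTTP proxy rely on delegate being installed").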

@@ -93,21 +72,6 @@ HTTP proxies.

deletate's download page. Make sure to name the executable delegated and put it in a place where a shell can pick it up, in its PATH. For instance /bin.

-
-
-

OpenSSL

-

In order to create an SSL certificate for lighty, openssl is used. More -specifically, the following command is issued by the test to create the -certificate file:

-
-echo -e "AU\ntest province\ntest city\ntest company\ntest department\n\
-        tester\ntest@test.com" | openssl req -new -x509 -keyout server.pem \
-        -out server.pem -days 365 -nodes
-
-

This will write server.pem which is referenced in the lighty -confiuration file.

-

OpenSSL comes installed with most Linux and BSD distros, including Mac OS X. -You can download it from the openssl homepage.