commit d313aca7ec142e7be1ba00517f4bd12b535cea5e Author: Damian Johnson atagar@torproject.org Date: Sun Nov 10 17:22:02 2019 -0800
Drop _get_padding_needed()
Maybe I'm missing something, but why not simply pad using the modulus? --- stem/descriptor/hidden_service.py | 6 ++-- stem/descriptor/hsv3_crypto.py | 61 --------------------------------------- 2 files changed, 4 insertions(+), 63 deletions(-)
diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py index ab377728..141f54b0 100644 --- a/stem/descriptor/hidden_service.py +++ b/stem/descriptor/hidden_service.py @@ -931,8 +931,10 @@ def _get_superencrypted_blob(intro_points, descriptor_signing_privkey, revision_
middle_descriptor_layer = _get_middle_descriptor_layer_body(inner_ciphertext_b64)
- padding_bytes_needed = stem.descriptor.hsv3_crypto._get_padding_needed(len(middle_descriptor_layer)) - middle_descriptor_layer = middle_descriptor_layer + b'\x00' * padding_bytes_needed + # Spec mandated padding: "Before encryption the plaintext is padded with NUL + # bytes to the nearest multiple of 10k bytes." + + middle_descriptor_layer = middle_descriptor_layer + b'\x00' * (len(middle_descriptor_layer) % 10000)
return b'\n' + _encrypt_layer(middle_descriptor_layer, b'hsdir-superencrypted-data', revision_counter, subcredential, blinded_key)
diff --git a/stem/descriptor/hsv3_crypto.py b/stem/descriptor/hsv3_crypto.py index b762c5ee..0186ba90 100644 --- a/stem/descriptor/hsv3_crypto.py +++ b/stem/descriptor/hsv3_crypto.py @@ -64,64 +64,3 @@ class HSv3PrivateBlindedKey(object):
def sign(self, msg): return signatureWithESK(msg, self.blinded_secret_key, self.blinded_pubkey) - - -""" -Basic descriptor logic: - - SALT = 16 bytes from H(random), changes each time we rebuld the - descriptor even if the content of the descriptor hasn't changed. - (So that we don't leak whether the intro point list etc. changed) - - secret_input = SECRET_DATA | subcredential | INT_8(revision_counter) - - keys = KDF(secret_input | salt | STRING_CONSTANT, S_KEY_LEN + S_IV_LEN + MAC_KEY_LEN) - - SECRET_KEY = first S_KEY_LEN bytes of keys - SECRET_IV = next S_IV_LEN bytes of keys - MAC_KEY = last MAC_KEY_LEN bytes of keys - - -Layer data: - - 2.5.1.1. First layer encryption logic - SECRET_DATA = blinded-public-key - STRING_CONSTANT = "hsdir-superencrypted-data" - - 2.5.2.1. Second layer encryption keys - SECRET_DATA = blinded-public-key | descriptor_cookie - STRING_CONSTANT = "hsdir-encrypted-data" -""" - -SALT_LEN = 16 -MAC_LEN = 32 - -S_KEY_LEN = 32 -S_IV_LEN = 16 -MAC_KEY_LEN = 32 - -""" -Descriptor encryption -""" - - -def ceildiv(a, b): - """ - Like // division but return the ceiling instead of the floor - """ - - return -(-a // b) - - -def _get_padding_needed(plaintext_len): - """ - Get descriptor padding needed for this descriptor layer. - From the spec: - Before encryption the plaintext is padded with NUL bytes to the nearest - multiple of 10k bytes. - """ - - PAD_MULTIPLE_BYTES = 10000 - - final_size = ceildiv(plaintext_len, PAD_MULTIPLE_BYTES) * PAD_MULTIPLE_BYTES - return final_size - plaintext_len