[stem/master] Incorrect circuit digest for higher protocol versions - tor-commits

24 May 2018

commit e3fab7bfbff6c6d82d9303dc90c4147421ba33ba
Author: Damian Johnson atagar@torproject.org
Date:   Thu May 24 12:16:50 2018 -0700
Incorrect circuit digest for higher protocol versions
I only got stem.client working for link protocol 3 when cobbling it together.
    We attempt to conform with the spec for higher protocol versions but it's
    mostly untested.
While looking into #26060 I realized that we're using the wrong length for cell
    headers when the link protocol is higher than three. Link v4 and greater use a
    long for circuit identifiers rather than a short...
circ_id (4 bytes) + command (1 byte) = 5 bytes
---
 stem/client/__init__.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/stem/client/__init__.py b/stem/client/__init__.py
index 6e25f748..281888e7 100644
--- a/stem/client/__init__.py
+++ b/stem/client/__init__.py
@@ -235,20 +235,26 @@ class Circuit(object):
       orig_digest = self.forward_digest.copy()
       orig_key = copy.copy(self.forward_key)
+      # Digests and such are computed using the RELAY cell payload. This
+      # doesn't include the initial circuit id and cell type fields.
+      # Circuit ids vary in length depending on the protocol version.
+
+      header_size = 5 if self.relay.link_protocol > 3 else 3
+
       try:
         cell = stem.client.cell.RelayCell(self.id, command, data, 0, stream_id)
-        payload_without_digest = cell.pack(self.relay.link_protocol)[3:]
+        payload_without_digest = cell.pack(self.relay.link_protocol)[header_size:]
         self.forward_digest.update(payload_without_digest)
cell = stem.client.cell.RelayCell(self.id, command, data, self.forward_digest, stream_id)
-        header, payload = split(cell.pack(self.relay.link_protocol), 3)
+        header, payload = split(cell.pack(self.relay.link_protocol), header_size)
         encrypted_payload = header + self.forward_key.update(payload)
reply = []
         self.relay._orport.send(encrypted_payload)
for cell in stem.client.cell.Cell.unpack(self.relay._orport.recv(), self.relay.link_protocol):
-          decrypted = self.backward_key.update(cell.pack(self.relay.link_protocol)[3:])
+          decrypted = self.backward_key.update(cell.pack(self.relay.link_protocol)[header_size:])
           reply.append(stem.client.cell.RelayCell._unpack(decrypted, self.id, self.relay.link_protocol))
return reply

    