commit c927dce44dcaa76199c2371bab389f4dc4111417 Author: Damian Johnson atagar@torproject.org Date: Tue Aug 25 09:34:43 2015 -0700
Add ntor_onion_key to bridge descriptors
Turns out this field isn't removed during sanitization...
> * While doing this discovered that sanitized descriptors have > ntor-onion-key lines. Stem thought those were removed. If this is > intended I'll revise Stem's parser.
Oh, you're right, those lines are not removed as part of sanitizing bridge descriptors. I noticed in May that we're not doing that and asked Nick whether that's a problem, and he said that's fine. Feel free to change that in Stem and parse those lines, too. Thanks for pointing it out though, it could have been a real issue. Gladly it's not. --- docs/change_log.rst | 1 + stem/descriptor/extrainfo_descriptor.py | 2 +- stem/descriptor/server_descriptor.py | 10 ++++++---- test/unit/descriptor/server_descriptor.py | 6 +----- 4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/docs/change_log.rst b/docs/change_log.rst
index a52359e..1f542ad 100644
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
@@ -55,6 +55,7 @@ The following are only available within Stem's `git repository
* Support for ed25519 descriptor fields (:spec:`5a79d67`) * Server descriptor validation fails with 'extra-info-digest line had an invalid value' from additions in proposal 228 (:trac:`16227`) + * :class:`~stem.descriptor.server_descriptor.BridgeDescriptor` now has 'ntor_onion_key' like its unsanitized counterparts
* **Website**
diff --git a/stem/descriptor/extrainfo_descriptor.py b/stem/descriptor/extrainfo_descriptor.py index 5b986b4..a9c1eff 100644 --- a/stem/descriptor/extrainfo_descriptor.py +++ b/stem/descriptor/extrainfo_descriptor.py @@ -927,7 +927,7 @@ class BridgeExtraInfoDescriptor(ExtraInfoDescriptor): https://collector.torproject.org/formats.html#bridge-descriptors`_)
:var str ed25519_certificate_hash: sha256 hash of the original identity-ed25519 - :var str router_digest_sha256: **todo**, needs clarification + :var str router_digest_sha256: sha256 digest of this document
.. versionchanged:: 1.5.0 Added the ed25519_certificate_hash and router_digest_sha256 attributes. diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py index 5632140..be40f62 100644 --- a/stem/descriptor/server_descriptor.py +++ b/stem/descriptor/server_descriptor.py @@ -443,6 +443,7 @@ class ServerDescriptor(Descriptor): :var bool extra_info_cache: ***** flag if a mirror for extra-info documents :var str extra_info_digest: upper-case hex encoded digest of our extra-info document :var bool eventdns: flag for evdns backend (deprecated, always unset) + :var str ntor_onion_key: base64 key used to encrypt EXTEND in the ntor protocol :var list or_addresses: ***** alternative for our address/or_port attributes, each entry is a tuple of the form (address (**str**), port (**int**), is_ipv6 (**bool**)) @@ -492,6 +493,7 @@ class ServerDescriptor(Descriptor): 'extra_info_digest': (None, _parse_extrainfo_digest_line), 'hidden_service_dir': (None, _parse_hidden_service_dir_line), 'eventdns': (None, _parse_eventdns_line), + 'ntor_onion_key': (None, _parse_ntor_onion_key_line), 'or_addresses': ([], _parse_or_address_line),
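Review bot: The new wording for `router_digest_sha256` in BridgeExtraInfoDescriptor, "sha256 digest of this document", does not say which text the digest covers, and for a sanitized descriptor that matters. The sanitizer rewrites the document, so the value presumably cannot be reproduced by hashing what Stem parsed; a caller who takes the docstring literally and tries to verify it that way would see a mismatch. I would word it as `:var str router_digest_sha256: sha256 digest supplied by the sanitizer, not recomputable from this sanitized text`, once that is confirmed against the CollecTor format page the docstring already links. The same line is changed in the BridgeDescriptor hunk of stem/descriptor/server_descriptor.py.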
'read_history_end': (None, _parse_read_history_line), @@ -515,6 +517,7 @@ class ServerDescriptor(Descriptor): 'hidden-service-dir': _parse_hidden_service_dir_line, 'uptime': _parse_uptime_line, 'protocols': _parse_protocols_line, + 'ntor-onion-key': _parse_ntor_onion_key_line, 'or-address': _parse_or_address_line, 'read-history': _parse_read_history_line, 'write-history': _parse_write_history_line, @@ -675,7 +678,6 @@ class RelayDescriptor(ServerDescriptor):
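Review bot: With `'ntor-onion-key': _parse_ntor_onion_key_line` now in ServerDescriptor's line-parser table, bridge descriptors go through this parser too, and its body is outside the diff, so it is not visible whether the value is checked at all. If it stores the field as-is, `ntor_onion_key` may hold any string found in a descriptor file, and the docstring's "base64 key" description is not enforced. I would either have the parser reject a value that is not valid base64 when validation is on, or say so in the attribute doc, e.g. `:var str ntor_onion_key: base64 key used to encrypt EXTEND in the ntor protocol (not validated)`. The `(None, _parse_ntor_onion_key_line)` default added to ATTRIBUTES in the preceding hunk also means callers need to handle None for descriptors that lack the line.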
:var str onion_key: ***** key used to encrypt EXTEND cells :var str onion_key_crosscert: signature generated using the onion_key - :var str ntor_onion_key: base64 key used to encrypt EXTEND in the ntor protocol :var str ntor_onion_key_crosscert: signature generated using the ntor-onion-key :var str ntor_onion_key_crosscert_sign: sign of the corresponding ed25519 public key :var str signing_key: ***** relay's long-term identity key @@ -696,7 +698,6 @@ class RelayDescriptor(ServerDescriptor):
'onion_key': (None, _parse_onion_key_line), 'onion_key_crosscert': (None, _parse_onion_key_crosscert_line), - 'ntor_onion_key': (None, _parse_ntor_onion_key_line), 'ntor_onion_key_crosscert': (None, _parse_ntor_onion_key_crosscert_line), 'ntor_onion_key_crosscert_sign': (None, _parse_ntor_onion_key_crosscert_line), 'signing_key': (None, _parse_signing_key_line), @@ -709,7 +710,6 @@ class RelayDescriptor(ServerDescriptor): 'router-sig-ed25519': _parse_router_sig_ed25519_line, 'onion-key': _parse_onion_key_line, 'onion-key-crosscert': _parse_onion_key_crosscert_line, - 'ntor-onion-key': _parse_ntor_onion_key_line, 'ntor-onion-key-crosscert': _parse_ntor_onion_key_crosscert_line, 'signing-key': _parse_signing_key_line, 'router-signature': _parse_router_signature_line, @@ -777,10 +777,12 @@ class BridgeDescriptor(ServerDescriptor): https://collector.torproject.org/formats.html#bridge-descriptors`_)
:var str ed25519_certificate_hash: sha256 hash of the original identity-ed25519 - :var str router_digest_sha256: **todo**, needs clarification + :var str router_digest_sha256: sha256 digest of this document
.. versionchanged:: 1.5.0 Added the ed25519_certificate_hash and router_digest_sha256 attributes. + Also added ntor_onion_key (previously this only belonged to unsanitized + descriptors). """
ATTRIBUTES = dict(ServerDescriptor.ATTRIBUTES, **{ diff --git a/test/unit/descriptor/server_descriptor.py b/test/unit/descriptor/server_descriptor.py index d44a694..d295884 100644 --- a/test/unit/descriptor/server_descriptor.py +++ b/test/unit/descriptor/server_descriptor.py @@ -309,11 +309,7 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4= self.assertFalse(hasattr(desc, 'ed25519_certificate')) self.assertEqual('lgIuiAJCoXPRwWoHgG4ZAoKtmrv47aPr4AsbmESj8AA', desc.ed25519_certificate_hash) self.assertEqual('OB/fqLD8lYmjti09R+xXH/D4S2qlizxdZqtudnsunxE', desc.router_digest_sha256) - - # TODO: Turns out sanitized descriptors have ntor-onion-key. Need to double - # check this is intended. - # - # self.assertEqual([], desc.get_unrecognized_lines()) + self.assertEqual([], desc.get_unrecognized_lines())
def test_cr_in_contact_line(self): """
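Review bot: The re-enabled `self.assertEqual([], desc.get_unrecognized_lines())` only proves the ntor-onion-key line is no longer unrecognized; nothing in this test checks that the bridge descriptor's `ntor_onion_key` attribute holds the right value. A parser wired to the wrong attribute name would still pass. I would add `self.assertEqual('<ntor-onion-key value from the fixture>', desc.ntor_onion_key)` next to the other attribute assertions, with the placeholder replaced by the key in the test descriptor. The test method starts above the hunk.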