[stem/master] Generate desc-auth-ephemeral-key from a key

commit 2526db23a86022796d7d635e1081f2bcd976376b
Author: Damian Johnson <atagar@torproject.org>
Date: Fri Nov 22 13:40:45 2019 -0800
Generate desc-auth-ephemeral-key from a key
Great catch from asn on #31823 that we should generate desc-auth-ephemeral-key fields from a key rather than random bytes. Otherwise this can be used as a fingerprint to differentiate our descriptors from tor's.
---
 stem/descriptor/hidden_service.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index ea1ae739..e75c7a6e 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -1188,6 +1188,7 @@ class OuterLayer(Descriptor):
 raise ImportError('Hidden service layer creation requires cryptography version 2.6')
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+ from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
 inner_layer = inner_layer if inner_layer else InnerLayer.create()
 revision_counter = revision_counter if revision_counter else 1
@@ -1196,7 +1197,7 @@ class OuterLayer(Descriptor):
 return _descriptor_content(attr, exclude, (
 ('desc-auth-type', 'x25519'),
- ('desc-auth-ephemeral-key', base64.b64encode(os.urandom(32))),
+ ('desc-auth-ephemeral-key', base64.b64encode(stem.util._pubkey_bytes(X25519PrivateKey.generate()))),
 ), (
 ('encrypted', b'\n' + inner_layer._encrypt(revision_counter, subcredential, blinded_key)),
 ))
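Review bot: Nothing at the new `desc-auth-ephemeral-key` line in the second hunk records why a key pair is generated and its private half dropped, so a later cleanup could plausibly revert it to `os.urandom(32)` and bring back the distinguisher the commit message describes. A comment above the tuple would preserve the reason, e.g. `# throwaway X25519 key: random bytes here would let our descriptors be told apart from tor's`. Discarding the private key looks right only while no client authorization is configured, and it would be worth saying so in the same comment. `stem.util._pubkey_bytes` is defined outside this diff, so confirm it accepts an `X25519PrivateKey` and not only the Ed25519 types; a unit test that base64-decodes the field to 32 bytes and checks that two calls differ would pin both. The enclosing method starts and ends outside both hunks.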