[stem/master] Generate desc-auth-ephemeral-key from a key - tor-commits

22 Nov 2019

commit 2526db23a86022796d7d635e1081f2bcd976376b
Author: Damian Johnson atagar@torproject.org
Date:   Fri Nov 22 13:40:45 2019 -0800
Generate desc-auth-ephemeral-key from a key
Great catch from asn on #31823 that we should generate desc-auth-ephemeral-key
    fields from a key rather than random bytes. Otherwise this can be used as a
    fingerprint to differentiate our descriptors from tor's.
---
 stem/descriptor/hidden_service.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index ea1ae739..e75c7a6e 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -1188,6 +1188,7 @@ class OuterLayer(Descriptor):
       raise ImportError('Hidden service layer creation requires cryptography version 2.6')
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+    from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
inner_layer = inner_layer if inner_layer else InnerLayer.create()
     revision_counter = revision_counter if revision_counter else 1
@@ -1196,7 +1197,7 @@ class OuterLayer(Descriptor):
return _descriptor_content(attr, exclude, (
       ('desc-auth-type', 'x25519'),
-      ('desc-auth-ephemeral-key', base64.b64encode(os.urandom(32))),
+      ('desc-auth-ephemeral-key', base64.b64encode(stem.util._pubkey_bytes(X25519PrivateKey.generate()))),
     ), (
       ('encrypted', b'\n' + inner_layer._encrypt(revision_counter, subcredential, blinded_key)),
     ))

    