[tor-bugs] #5810 [Stem]: Implement verification of server descriptor

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed May 9 14:57:21 UTC 2012


#5810: Implement verification of server descriptor
-------------------------+--------------------------------------------------
 Reporter:  reganeet     |          Owner:  reganeet
     Type:  enhancement  |         Status:  new     
 Priority:  normal       |      Milestone:          
Component:  Stem         |        Version:          
 Keywords:               |         Parent:          
   Points:               |   Actualpoints:          
-------------------------+--------------------------------------------------

Comment(by atagar):

 Hi Beck. Looks like the first step will be to come up with a counterpart
 for Karsten's determineKeyHash() function...

 https://gitweb.torproject.org/metrics-tasks.git/blob/HEAD:/task-2768/VerifyDescriptors.java#l269

 From the dir-spec...

 > A fingerprint (a HASH_LEN-byte of asn1 encoded public key, encoded in
 > hex, with a single space after every 4 characters) for this router's
 > identity key. A descriptor is considered invalid (and MUST be
 > rejected) if the fingerprint line does not match the public key.

 I didn't realize that there was a 'MUST' clause here. We should check
 is_valid() in the server descriptor constructor when validate is True, and
 raise a ValueError if it's invalid. Note that this will break a few integ
 tests since I've messed with some of the data in the descriptor data
 directory to make the tests more interesting...

 https://gitweb.torproject.org/stem.git/tree/HEAD:/test/integ/descriptor/data

 We should swap out the bad test data with real instances when we come
 across it.

 > The problem with M2Crypto is that it requires SSL_v2 support from
 > openssl, which is considered unsafe thus excluded from recent Ubuntu
 > releases, and possibly Debian [4].

 Do we need the ssl v2 support? As the post mentioned the module itself is
 available on Ubuntu...

 {{{
 atagar@morrigan:~$ lsb_release -sd
 Ubuntu 11.04

 atagar@morrigan:~$ sudo apt-get install m2crypto
 Note, selecting 'python-m2crypto' instead of 'm2crypto'
 The following NEW packages will be installed:
   python-m2crypto
 0 upgraded, 1 newly installed, 0 to remove and 108 not upgraded.
 Need to get 277 kB of archives.
 ...
 }}}

 > I don't know how many people run Tor in Ubuntu

 Lots, including me. :P

 Cheers! -Damian

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5810#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
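
Added example (not part of the original message, and not Stem's or Karsten's code): the fingerprint check from the dir-spec passage quoted above, written in Python. It assumes HASH_LEN is the 20-byte SHA-1 digest and that the identity key is the descriptor's signing-key block; the function names and the sample descriptor are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import re

# Assumption: the identity key is the PEM block that follows "signing-key".
PEM_RE = re.compile(
    r"^signing-key\n-----BEGIN RSA PUBLIC KEY-----\n(.+?)\n"
    r"-----END RSA PUBLIC KEY-----$", re.S | re.M)
# Ten groups of four hex characters, single space between groups.
FP_RE = re.compile(r"^fingerprint ((?:[0-9A-Fa-f]{4} ){9}[0-9A-Fa-f]{4})$", re.M)


def key_fingerprint(der_key: bytes) -> str:
    """SHA-1 of the ASN.1 (DER) encoded key, hex, space after every 4 chars."""
    digest = hashlib.sha1(der_key).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def check_fingerprint(descriptor: str) -> None:
    """Raise ValueError unless the fingerprint line matches the signing key."""
    fp, key = FP_RE.search(descriptor), PEM_RE.search(descriptor)
    if fp is None or key is None:
        raise ValueError("descriptor lacks a fingerprint or signing-key entry")
    # PEM bodies are line-wrapped; drop whitespace before strict decoding.
    # binascii.Error (bad base64) is itself a ValueError subclass.
    der_key = base64.b64decode("".join(key.group(1).split()), validate=True)
    if fp.group(1).upper() != key_fingerprint(der_key):
        raise ValueError("fingerprint line does not match the public key")


def build_sample_descriptor() -> str:
    """Constructed input: DER-shaped bytes, not a usable RSA key."""
    der = (bytes.fromhex("30818902818100")   # SEQUENCE, INTEGER (modulus) header
           + bytes(range(0x80, 0x100))       # 128 filler bytes as the modulus
           + bytes.fromhex("0203010001"))    # INTEGER 65537 (exponent)
    b64 = base64.b64encode(der).decode()
    pem = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return ("router constructed 192.0.2.1 9001 0 0\n"
            f"fingerprint {key_fingerprint(der)}\n"
            "signing-key\n-----BEGIN RSA PUBLIC KEY-----\n"
            f"{pem}\n-----END RSA PUBLIC KEY-----\n")


if __name__ == "__main__":
    check_fingerprint(build_sample_descriptor())  # consistent: no exception
    print("fingerprint matches signing-key")
```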

