[tor-bugs] #13045 [BridgeDB]: Leekspin descriptor signatures cannot be verified by Stem

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 2 23:59:30 UTC 2014


#13045: Leekspin descriptor signatures cannot be verified by Stem
--------------------------+----------------------------------------
     Reporter:  isis      |      Owner:  isis
         Type:  defect    |     Status:  accepted
     Priority:  major     |  Milestone:
    Component:  BridgeDB  |    Version:
   Resolution:            |   Keywords:  leekspin, bridgedb-parsers
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+----------------------------------------
Description changed by isis:

Old description:

> The signatures on descriptor documents generated by Leekspin (currently
> on version 0.2.1) cannot currently be verified by Stem.
>
> Stem uses
> [https://gitweb.torproject.org/stem.git/commitdiff/e0095fbe54759c45cbf6d1b120d2b17b47a0ec21
> this code to successfully verify signatures created by Tor]. There is
> currently some confusion in the spec (#13042) over the ordering and
> versions of encodings applied to the `signing-key` and the
> `router-signature`. Until #13042 is made clearer, the best way we have to
> fix this is to do what Stem does in reverse.
>
> There may be some problems here with Python dependencies (the available,
> packaged implementations of RSA, PKCS#1, and ASN.1 aren't all that
> great, as noted in #5810). I don't care what dependencies we add to get
> this to work; it's causing BridgeDB's new Stem-based parsers (#9380) to
> choke during test runs on Leekspin's fake bridge descriptors.

New description:

 The
 [https://gitweb.torproject.org/user/isis/leekspin.git/blob/HEAD:/leekspin/crypto.py#l135
 signatures on descriptor documents generated by Leekspin] (currently on
 version 0.2.1), in `leekspin.crypto.signDescriptorDocument()`, cannot
 currently be verified by Stem.

 Stem uses
 [https://gitweb.torproject.org/stem.git/commitdiff/e0095fbe54759c45cbf6d1b120d2b17b47a0ec21
 this code to successfully verify signatures created by Tor]. There is
 currently some confusion in the spec (#13042) over the ordering and
 versions of encodings applied to the `signing-key` and the
 `router-signature`. Until #13042 is made clearer, the best way we have to
 fix this is to do what Stem does in reverse.

 There may be some problems here with Python dependencies (the available,
 packaged implementations of RSA, PKCS#1, and ASN.1 aren't all that
 great, as noted in #5810). I don't care what dependencies we add to get
 this to work; it's causing BridgeDB's new Stem-based parsers (#9380) to
 choke during test runs on Leekspin's fake bridge descriptors.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13045#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
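
The sign-then-verify round trip the ticket asks for, as an added example that is not code from Leekspin, Stem, or the ticket. It assumes the `router-signature` is raw RSA over a PKCS#1 v1.5 type-1 padded SHA-1 digest with no ASN.1 DigestInfo, taken from the start of the `router` line through the newline after `router-signature`. The key is a constructed toy key, the descriptor is constructed sample data, and the function names are hypothetical. The DigestInfo case shows one possible encoding mismatch and is not a claim about Leekspin's actual defect.

```python
import base64, hashlib, hmac

# Constructed toy key built from two Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes
SIG_LINE = b"\nrouter-signature\n"
BEGIN, END = b"-----BEGIN SIGNATURE-----\n", b"-----END SIGNATURE-----\n"
# ASN.1 DigestInfo header for SHA-1, as prepended by generic PKCS#1 v1.5 signers.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed, abbreviated descriptor (real ones carry many more lines).
DOC = (b"@purpose bridge\nrouter Unnamed 10.0.0.1 9001 0 0\n"
       b"published 2014-09-02 23:59:30\nrouter-signature\n")

def descriptor_digest(doc):
    """SHA-1 from the start of the 'router' line through the signature keyword line."""
    begin = 0 if doc.startswith(b"router ") else doc.index(b"\nrouter ") + 1
    end = doc.index(SIG_LINE) + len(SIG_LINE)
    return hashlib.sha1(doc[begin:end]).digest()

def sign(doc, prefix=b""):
    """Append a signature block; prefix=b'' puts the bare digest after the padding."""
    payload = prefix + descriptor_digest(doc)
    em = b"\x00\x01" + b"\xff" * (K - len(payload) - 3) + b"\x00" + payload
    sig = pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")
    b64 = base64.b64encode(sig)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return doc + BEGIN + body + b"\n" + END

def verify(doc):
    """Apply the public key, strip type-1 padding, compare with our own digest."""
    sig = base64.b64decode(doc.split(BEGIN, 1)[1].split(END, 1)[0])
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    pad, sep, recovered = em[2:].partition(b"\x00")
    if em[:2] != b"\x00\x01" or len(pad) < 8 or pad.strip(b"\xff") or not sep:
        return False
    return hmac.compare_digest(recovered, descriptor_digest(doc))

if __name__ == "__main__":
    print("bare digest verifies:", verify(sign(DOC)))
    print("DigestInfo-wrapped verifies:", verify(sign(DOC, SHA1_DIGESTINFO)))
```

A signer and verifier that disagree on any one of these steps (digest range, padding type, DigestInfo, base64 framing) produce a signature that fails even though the key pair is correct.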