[tor-bugs] #16359 [Metrics Data Processor]: Add new ed25519-related lines to sanitized bridge descriptors

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jun 13 08:05:45 UTC 2015


#16359: Add new ed25519-related lines to sanitized bridge descriptors
------------------------------------+---------------------
 Reporter:  karsten                 |          Owner:
     Type:  enhancement             |         Status:  new
 Priority:  major                   |      Milestone:
Component:  Metrics Data Processor  |        Version:
 Keywords:                          |  Actual Points:
Parent ID:                          |         Points:
------------------------------------+---------------------
 Recent Tor bridges include ed25519-related lines in their server
 descriptors and extra-info descriptors.  We need to sanitize them in a way
 that doesn't leak the new ed25519 bridge identity.  See also some
 [https://lists.torproject.org/pipermail/tor-dev/2015-May/008885.html
 discussion about this on tor-dev@].

 I just finished writing some possible
 [https://gitweb.torproject.org/karsten/metrics-db.git/log/?h=ed25519
 sanitizing code for this] and would appreciate a quick review of the
 [https://gitweb.torproject.org/karsten/metrics-db.git/commit/?h=ed25519&id=053ae4d361230503882867b755aac1541f3d32cd
 new parsing code there].

 Also, here are two sanitized bridge descriptors as samples:

 {{{
 @type bridge-server-descriptor 1.1
 router hatak2 10.131.136.200 89 0 0
 or-address [fd9f:2e19:3bcf::d4:b0b5]:89
 master-key-ed25519 vtKSwo5ic01Lmd1bkRZ64Pn+3p6463SWo59mUobgw1w
 platform Tor 0.2.7.1-alpha-dev on Linux
 protocols Link 1 2 Circuit 1
 published 2015-06-12 07:32:33
 fingerprint FEC3 88B2 464F 8A84 AF02 CB76 3B10 7F71 2750 B3A9
 uptime 208681
 bandwidth 14971520 104857600 153167
 extra-info-digest 64ED1D6F4851BEC31A1FB0F98BBA18F5ADAD6041 KCnzQ4dTAV+KqwyFYPOlJ9UwYW0vE3wzanHmQ0C1SnI
 hidden-service-dir
 contact somebody
 ntor-onion-key 7aW+CYWazyD6+g4oZTLZ5UgjashXriSyuCrc9MnwYEA=
 reject *:*
 router-digest-sha256 4TfyBALOAWmuLv3Ag5JvLsrXwraNsfxswCnGvVkbPQA
 router-digest C3140734BF6DEC26895456427D793E2ED8BC6F4B
 }}}

 {{{
 @type bridge-extra-info 1.3
 extra-info hatak2 FEC388B2464F8A84AF02CB763B107F712750B3A9
 master-key-ed25519 vtKSwo5ic01Lmd1bkRZ64Pn+3p6463SWo59mUobgw1w
 published 2015-06-12 07:32:33
 write-history 2015-06-12 06:25:25 (14400 s) 412672,518144,427008,678912,39168000,422912
 read-history 2015-06-12 06:25:25 (14400 s) 4737024,6061056,4524032,5554176,42741760,4158464
 dirreq-write-history 2015-06-11 21:30:09 (14400 s) 31744,0,0,0,0,0
 dirreq-read-history 2015-06-11 21:30:09 (14400 s) 5120,0,0,0,0,0
 geoip-db-digest 0A1F9C09E08F6F2490E8880664D4E863D1680A12
 geoip6-db-digest A6E9B5DE6F887315749B29F9C9F698215BE5240A
 dirreq-stats-end 2015-06-11 21:30:16 (86400 s)
 dirreq-v3-ips
 dirreq-v3-reqs
 dirreq-v3-resp ok=0,not-enough-sigs=0,unavailable=0,not-found=0,not-modified=0,busy=0
 dirreq-v3-direct-dl complete=0,timeout=0,running=0
 dirreq-v3-tunneled-dl complete=0,timeout=0,running=0
 transport fte
 transport obfs4
 transport websocket
 bridge-stats-end 2015-06-11 21:34:31 (86400 s)
 bridge-ips
 bridge-ip-versions v4=0,v6=0
 bridge-ip-transports
 router-digest-sha256 KCnzQ4dTAV+KqwyFYPOlJ9UwYW0vE3wzanHmQ0C1SnI
 router-digest 64ED1D6F4851BEC31A1FB0F98BBA18F5ADAD6041
 }}}

 New/updated lines are:
  - `@type` lines contain updated minor version numbers because of
 additional lines.
  - `master-key-ed25519` in both server descriptors and extra-info
 descriptors, containing SHA256 digests of keys.  Note that extra-info
 descriptors produced by Tor don't (yet) contain such lines.
  - `extra-info-digest` in server descriptors now contains two digests
 matching the digests in the `router-digest` and `router-digest-sha256`
 lines in extra-info descriptors.
  - `router-digest-sha256` contains the SHA256 of SHA256 of full descriptor
 contents including signatures.

 Anything else I'm missing?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16359>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
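
A consumer of the sanitized descriptors can check that the new and updated lines listed in the ticket still link a server descriptor to its extra-info descriptor. The following is an added example, not code from the ticket or from metrics-db; the descriptor lines are a subset copied from the two samples above, and the function names and the 43-character unpadded base64 format check (inferred from the samples) are assumptions of this example.

```python
import re

# Lines copied from the two sample descriptors in the ticket (subset).
SERVER = """\
@type bridge-server-descriptor 1.1
router hatak2 10.131.136.200 89 0 0
master-key-ed25519 vtKSwo5ic01Lmd1bkRZ64Pn+3p6463SWo59mUobgw1w
fingerprint FEC3 88B2 464F 8A84 AF02 CB76 3B10 7F71 2750 B3A9
extra-info-digest 64ED1D6F4851BEC31A1FB0F98BBA18F5ADAD6041 KCnzQ4dTAV+KqwyFYPOlJ9UwYW0vE3wzanHmQ0C1SnI
"""
EXTRA = """\
@type bridge-extra-info 1.3
extra-info hatak2 FEC388B2464F8A84AF02CB763B107F712750B3A9
master-key-ed25519 vtKSwo5ic01Lmd1bkRZ64Pn+3p6463SWo59mUobgw1w
router-digest-sha256 KCnzQ4dTAV+KqwyFYPOlJ9UwYW0vE3wzanHmQ0C1SnI
router-digest 64ED1D6F4851BEC31A1FB0F98BBA18F5ADAD6041
"""
# Assumption from the samples: 32-byte digest, base64 without padding.
SHA256_B64 = re.compile(r"[A-Za-z0-9+/]{43}")

def fields(text):
    """Map each keyword to its argument list; first occurrence wins."""
    out = {}
    for line in text.splitlines():
        if line.strip():
            keyword, *args = line.split()
            out.setdefault(keyword, args)
    return out

def arg(desc, keyword, i=0):
    """Return argument i of a keyword line, or None if absent."""
    args = desc.get(keyword, [])
    return args[i] if i < len(args) else None

def check_pair(server_text, extra_text):
    """List inconsistencies between a sanitized server descriptor and
    the sanitized extra-info descriptor it is supposed to reference."""
    s, e = fields(server_text), fields(extra_text)
    problems = []
    if "".join(s.get("fingerprint", [])) != arg(e, "extra-info", 1):
        problems.append("fingerprint mismatch")
    if arg(s, "extra-info-digest", 0) != arg(e, "router-digest"):
        problems.append("SHA-1 extra-info digest mismatch")
    # The second digest is new, so it is only compared when present.
    sha256 = arg(s, "extra-info-digest", 1)
    if sha256 is not None and sha256 != arg(e, "router-digest-sha256"):
        problems.append("SHA-256 extra-info digest mismatch")
    # Extra-info descriptors may lack master-key-ed25519 (see the ticket).
    ks, ke = arg(s, "master-key-ed25519"), arg(e, "master-key-ed25519")
    if ks and ke and ks != ke:
        problems.append("master-key-ed25519 mismatch")
    for value in (sha256, ks, ke, arg(e, "router-digest-sha256")):
        if value is not None and not SHA256_B64.fullmatch(value):
            problems.append("malformed SHA-256 value: " + value)
    return problems
```

`check_pair(SERVER, EXTRA)` returns an empty list for the ticket's samples; any returned string names the line pair that no longer matches.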

