[tor-bugs] #21693 [Core Tor/Tor]: prop224 HS descriptors do wasteful double-base64 encoding

[Tor Bug Tracker & Wiki]

#21693: prop224 HS descriptors do wasteful double-base64 encoding
----------------------------+------------------------------------
 Reporter:  asn             |          Owner:
     Type:  task            |         Status:  new
 Priority:  Medium          |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor    |        Version:
 Severity:  Normal          |     Resolution:
 Keywords:  tor-hs prop224  |  Actual Points:
Parent ID:                  |         Points:  4
 Reviewer:                  |        Sponsor:  SponsorR-can
----------------------------+------------------------------------

Comment (by asn):

 A further point of complication here is that we apply NUL padding (up to
 nearest multiple of 10k bytes) on the superencrypted section to hide
 metadata about client auth details and intro points. So it's more like:

 `middle_layer = b64(encrypt(client_auth_data + b64(encrypt(inner_layer)) +
 nul_padding))`
 `outer_layer = header + middle_layer.`

 So unfortunately it's not as simple as replacing
 `b64(encrypt(inner_layer))` with `encrypt(inner_layer)` since then the
 binary ciphertext gets mangled with the NUL padding... :(

 I guess this means we need some sort of frame on the binary data that
 specifies the length of `encrypt(inner_layer)`, so that the decoding side
 can separate the ciphertext from the padding.

 In my experience, these sort of frames need careful consideration due to
 all sorts of weird padding-oracle type of stuff... Will think some more,
 but this might be a reasonable topic for amsterdam as well...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21693#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online