[tor-bugs] #31369 [Core Tor/Stem]: HSv3 descriptor support in stem

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 26 14:31:53 UTC 2019 

#31369: HSv3 descriptor support in stem
-----------------------------------------+-------------------------------
 Reporter:  asn                          |          Owner:  atagar
     Type:  defect                       |         Status:  reopened
 Priority:  Medium                       |      Milestone:
Component:  Core Tor/Stem                |        Version:
 Severity:  Normal                       |     Resolution:
 Keywords:  tor-hs onionbalance scaling  |  Actual Points:
Parent ID:                               |         Points:
 Reviewer:                               |        Sponsor:  Sponsor27-can
-----------------------------------------+-------------------------------

Comment (by asn):

 Hello atagar,

 I took a look at the code and this looks like a great start!

 We do need more stuff to make this work with onionbalance tho. In
 particular:

 a) We need to '''parse''' deeper into the descriptor so that we get into
 the final layer and extract the intro points
 a1) On the way there we need to verify various types of crypto
 certificates.
 a2) Furthermore, we need to implement the key blinding logic of HSv3 to be
 able to verify some of those certificates.

 b) We will need to be able to '''generate''' valid and useful HSv3
 certificates down to the bottom layer. This involves being able to
 generate keys and certificates in a way that can be verified by Tor.

 From the above, everything except from (a) contains crypto stuff. I will
 be
 working on the crypto parts of (b), (c), and (d), but there is a learning
 curve
 involved here with learning how stem handles ed25519 certs
 (stem/certificate.py) and how it handles ed25519 sig verification. I have
 already started implementing the ed25519 cert parsing that v3 introduces,
 but I still need to see how the actual crypto is done.

 Damian, would you be interested in moving forward with (a) if I give you a
 full
 unencrypted descriptor to play with, while I'm doing the crypto parts
 above?

 I'd also appreciate any hints about how to handle ed25519 certs and
 ed25519 sig
 verification in stem.

 Thanks! :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31369#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list