[tor-commits] [bridgedb/master] The identity is based on the public key of the router.

isis at torproject.org
Sun Jan 12 06:06:32 UTC 2014


commit f9b9ad7cf1dafeb59a54d7e4d3cf922586a3d05e
Author: Matthew Finkel <Matthew.Finkel at gmail.com>
Date:   Sat Nov 9 17:12:45 2013 +0000

    The identity is based on the public key of the router.
    
    Specifically, it is the SHA-1 hash of the DER encoding of an ASN.1
    RSA public key.
    
    (cherry picked from commit 6b57521a522abaa8f5fdd158708f382293a59e48)
    Signed-off-by: Isis Lovecruft <isis at torproject.org>
    
    Conflicts:
    	scripts/gen_bridge_descriptors
    
    Matt and I both fixed the same bug, but it turns out we were both a tiny bit
    wrong, I believe, in different ways: I was improperly PEM-encoding the OR
    keys, and wasn't using ASN.1 format. Matt was using a dump of SIDPKey as the
    OR bridge's public identity key -- PyOpenSSL has this rather odd API where you
    have to dump the public key from the public cert to access it. Also, it's
    necessary to base64-encode the digest of the identity key, and strip the '='
    base64 padding characters.
    
    We *might* still be doing it wrong and missing the DER-encoding step.
---
 scripts/gen_bridge_descriptors |   15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/scripts/gen_bridge_descriptors b/scripts/gen_bridge_descriptors
index 4d7c930..019e1e3 100644
--- a/scripts/gen_bridge_descriptors
+++ b/scripts/gen_bridge_descriptors
@@ -98,6 +98,7 @@ OPENSSL_BEGIN_CERT = "-----BEGIN CERTIFICATE-----"
 OPENSSL_END_CERT   = "-----END CERTIFICATE-----"
 
 PEM = OpenSSL.crypto.FILETYPE_PEM
+ASN1 = OpenSSL.crypto.FILETYPE_ASN1
 
 
 class OpenSSLKeyGenError(Exception):
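Review bot: a short comment beside `ASN1 = OpenSSL.crypto.FILETYPE_ASN1` stating that FILETYPE_ASN1 yields binary DER output would settle the doubt voiced in the commit message ("missing the DER-encoding step") for the next reader, since the constant's name alone does not say which encoding it selects.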
@@ -573,15 +574,10 @@ def makeOnionKeys(bridge=True, digest='sha1'):
     onion = createKey()
     onionSKey, onionSCert, onionPKey, onionPCert = onion
 
-    # This is the fingerprint of the server ID key, if we aren't a bridge. If
-    # we are a bridge, then this is the real fingerprint, which goes into our
-    # descriptor (but not the one that other ORs see when they connect to us)
-    fingerprint = CIDPCert.digest(digest)
-
     onionKeyString   = 'onion-key\n%s' % getPEMPublicKey(onionPCert)
     signingKeyString = 'signing-key\n%s' % getPEMPublicKey(signPCert)
 
-    return SIDSKey, SIDPCert, (fingerprint, onionKeyString, signingKeyString)
+    return SIDSKey, SIDPCert, (onionKeyString, signingKeyString)
 
 def generateExtraInfo(fingerprint, ts, ipv4, port):
     """Create an OR extra-info document.
@@ -745,17 +741,20 @@ def generateDescriptors():
     timestamp = makeTimeStamp(variation=True, period=36)
     protocols = makeProtocolsLine(vers)
 
-    SIDSKey, SIDPCert, (fingerprint, onionkey, signingkey) = makeOnionKeys()
+    SIDSKey, SIDPCert, (onionkey, signingkey) = makeOnionKeys()
     idkey_private = getPEMPrivateKey(SIDSKey)
     idkey_digest = hashlib.sha1(idkey_private).digest()
 
     fpr = convertToSpaceyFingerprint(fingerprint)
 
-    idkey_public = OpenSSL.crypto.dump_privatekey(PEM,
+    idkey_public = OpenSSL.crypto.dump_privatekey(ASN1,
                                                   SIDPCert.get_pubkey())
     idkey_public = re.sub(OPENSSL_BEGIN_KEY, '', idkey_public)
     idkey_public = re.sub(OPENSSL_END_KEY, '', idkey_public)
     idkey_public = idkey_public.strip()
+ 
+    ident_digest = hashlib.sha1(idkey_public).digest()
+
     identity = binascii.b2a_base64(
         hashlib.sha1(idkey_public).digest()).strip().strip('=======')
 

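As an added example (not part of this commit or of BridgeDB), the pipeline the commit message describes, carried out with the standard library alone: DER-encode a PKCS#1 RSAPublicKey by hand, SHA-1 the DER bytes, and render both the padding-stripped base64 identity and the spaced hex fingerprint. The sample modulus is constructed, and the example assumes the digest covers the PKCS#1 RSAPublicKey structure (not PEM text or a SubjectPublicKeyInfo wrapper), as tor's own fingerprinting does.

```python
import base64
import hashlib

# Constructed sample key (not a real Tor key): an odd 256-bit modulus derived
# from a fixed string, with the usual public exponent 65537.
SAMPLE_N = int.from_bytes(hashlib.sha256(b"constructed sample modulus").digest(), "big") | 1
SAMPLE_E = 65537


def der_length(n):
    """DER length octets: one byte below 128, otherwise 0x80|count then the bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value):
    """DER INTEGER: minimal big-endian bytes, prefixed with 0x00 when the top
    bit is set so the value is not read back as negative."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def der_rsa_public_key(n, e):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }.
    For a 1024-bit key this is 140 bytes; hashing the PEM text instead of these
    bytes, as the pre-patch script did, yields a different and wrong digest."""
    content = der_integer(n) + der_integer(e)
    return b"\x30" + der_length(len(content)) + content


def identity_digest(der_key):
    """The router identity: SHA-1 over the DER bytes, never over PEM text."""
    return hashlib.sha1(der_key).digest()


def identity_b64(der_key):
    """Descriptor form: base64 of the 20-byte digest with '=' padding removed (27 chars)."""
    return base64.b64encode(identity_digest(der_key)).decode("ascii").rstrip("=")


def identity_from_b64(text):
    """Inverse of identity_b64: restore padding to a multiple of 4 before decoding."""
    return base64.b64decode(text + "=" * (-len(text) % 4))


def spacey_fingerprint(der_key):
    """Upper-case hex digest in groups of four, as printed in router descriptors."""
    hexd = identity_digest(der_key).hex().upper()
    return " ".join(hexd[i:i + 4] for i in range(0, 40, 4))
```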