[tor-commits] [stem/master] Add ntor_onion_key to bridge descriptors
atagar at torproject.org
atagar at torproject.org
Tue Aug 25 17:14:05 UTC 2015
commit c927dce44dcaa76199c2371bab389f4dc4111417
Author: Damian Johnson <atagar at torproject.org>
Date: Tue Aug 25 09:34:43 2015 -0700
Add ntor_onion_key to bridge descriptors
Turns out this field isn't removed during sanitization...
> * While doing this discovered that sanitized descriptors have
> ntor-onion-key lines. Stem thought those were removed. If this is
> intended I'll revise Stem's parser.
Oh, you're right, those lines are not removed as part of sanitizing
bridge descriptors. I noticed in May that we're not doing that and
asked Nick whether that's a problem, and he said that's fine. Feel
free to change that in Stem and parse those lines, too. Thanks for
pointing it out though, it could have been a real issue. Gladly it's
not.
---
docs/change_log.rst | 1 +
stem/descriptor/extrainfo_descriptor.py | 2 +-
stem/descriptor/server_descriptor.py | 10 ++++++----
test/unit/descriptor/server_descriptor.py | 6 +-----
4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/docs/change_log.rst b/docs/change_log.rst
index a52359e..1f542ad 100644
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
@@ -55,6 +55,7 @@ The following are only available within Stem's `git repository
* Support for ed25519 descriptor fields (:spec:`5a79d67`)
* Server descriptor validation fails with 'extra-info-digest line had an invalid value' from additions in proposal 228 (:trac:`16227`)
+ * :class:`~stem.descriptor.server_descriptor.BridgeDescriptor` now has 'ntor_onion_key' like its unsanitized counterparts
* **Website**
diff --git a/stem/descriptor/extrainfo_descriptor.py b/stem/descriptor/extrainfo_descriptor.py
index 5b986b4..a9c1eff 100644
--- a/stem/descriptor/extrainfo_descriptor.py
+++ b/stem/descriptor/extrainfo_descriptor.py
@@ -927,7 +927,7 @@ class BridgeExtraInfoDescriptor(ExtraInfoDescriptor):
<https://collector.torproject.org/formats.html#bridge-descriptors>`_)
:var str ed25519_certificate_hash: sha256 hash of the original identity-ed25519
- :var str router_digest_sha256: **todo**, needs clarification
+ :var str router_digest_sha256: sha256 digest of this document
.. versionchanged:: 1.5.0
Added the ed25519_certificate_hash and router_digest_sha256 attributes.
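Review bot: The new wording for `router_digest_sha256` says "sha256 digest of this document", which a reader will take to mean that hashing the sanitized text reproduces the value; the same wording is added in the BridgeDescriptor docstring hunk in stem/descriptor/server_descriptor.py. The line carrying the digest is itself part of the sanitized descriptor, and sanitizing rewrites other fields, so the value presumably refers to the original descriptor. Please confirm this against the CollecTor format page linked in this docstring. If that holds, I would word it as `:var str router_digest_sha256: sha256 digest of the original (unsanitized) descriptor, as reported by the sanitizer`, so nobody builds an integrity check that compares it with a hash of the sanitized content. The class docstring starts and ends outside the hunk.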
diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index 5632140..be40f62 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -443,6 +443,7 @@ class ServerDescriptor(Descriptor):
:var bool extra_info_cache: **\*** flag if a mirror for extra-info documents
:var str extra_info_digest: upper-case hex encoded digest of our extra-info document
:var bool eventdns: flag for evdns backend (deprecated, always unset)
+ :var str ntor_onion_key: base64 key used to encrypt EXTEND in the ntor protocol
:var list or_addresses: **\*** alternative for our address/or_port
attributes, each entry is a tuple of the form (address (**str**), port
(**int**), is_ipv6 (**bool**))
@@ -492,6 +493,7 @@ class ServerDescriptor(Descriptor):
'extra_info_digest': (None, _parse_extrainfo_digest_line),
'hidden_service_dir': (None, _parse_hidden_service_dir_line),
'eventdns': (None, _parse_eventdns_line),
+ 'ntor_onion_key': (None, _parse_ntor_onion_key_line),
'or_addresses': ([], _parse_or_address_line),
'read_history_end': (None, _parse_read_history_line),
@@ -515,6 +517,7 @@ class ServerDescriptor(Descriptor):
'hidden-service-dir': _parse_hidden_service_dir_line,
'uptime': _parse_uptime_line,
'protocols': _parse_protocols_line,
+ 'ntor-onion-key': _parse_ntor_onion_key_line,
'or-address': _parse_or_address_line,
'read-history': _parse_read_history_line,
'write-history': _parse_write_history_line,
@@ -675,7 +678,6 @@ class RelayDescriptor(ServerDescriptor):
:var str onion_key: **\*** key used to encrypt EXTEND cells
:var str onion_key_crosscert: signature generated using the onion_key
- :var str ntor_onion_key: base64 key used to encrypt EXTEND in the ntor protocol
:var str ntor_onion_key_crosscert: signature generated using the ntor-onion-key
:var str ntor_onion_key_crosscert_sign: sign of the corresponding ed25519 public key
:var str signing_key: **\*** relay's long-term identity key
@@ -696,7 +698,6 @@ class RelayDescriptor(ServerDescriptor):
'onion_key': (None, _parse_onion_key_line),
'onion_key_crosscert': (None, _parse_onion_key_crosscert_line),
- 'ntor_onion_key': (None, _parse_ntor_onion_key_line),
'ntor_onion_key_crosscert': (None, _parse_ntor_onion_key_crosscert_line),
'ntor_onion_key_crosscert_sign': (None, _parse_ntor_onion_key_crosscert_line),
'signing_key': (None, _parse_signing_key_line),
@@ -709,7 +710,6 @@ class RelayDescriptor(ServerDescriptor):
'router-sig-ed25519': _parse_router_sig_ed25519_line,
'onion-key': _parse_onion_key_line,
'onion-key-crosscert': _parse_onion_key_crosscert_line,
- 'ntor-onion-key': _parse_ntor_onion_key_line,
'ntor-onion-key-crosscert': _parse_ntor_onion_key_crosscert_line,
'signing-key': _parse_signing_key_line,
'router-signature': _parse_router_signature_line,
@@ -777,10 +777,12 @@ class BridgeDescriptor(ServerDescriptor):
<https://collector.torproject.org/formats.html#bridge-descriptors>`_)
:var str ed25519_certificate_hash: sha256 hash of the original identity-ed25519
- :var str router_digest_sha256: **todo**, needs clarification
+ :var str router_digest_sha256: sha256 digest of this document
.. versionchanged:: 1.5.0
Added the ed25519_certificate_hash and router_digest_sha256 attributes.
+ Also added ntor_onion_key (previously this only belonged to unsanitized
+ descriptors).
"""
ATTRIBUTES = dict(ServerDescriptor.ATTRIBUTES, **{
diff --git a/test/unit/descriptor/server_descriptor.py b/test/unit/descriptor/server_descriptor.py
index d44a694..d295884 100644
--- a/test/unit/descriptor/server_descriptor.py
+++ b/test/unit/descriptor/server_descriptor.py
@@ -309,11 +309,7 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4=
self.assertFalse(hasattr(desc, 'ed25519_certificate'))
self.assertEqual('lgIuiAJCoXPRwWoHgG4ZAoKtmrv47aPr4AsbmESj8AA', desc.ed25519_certificate_hash)
self.assertEqual('OB/fqLD8lYmjti09R+xXH/D4S2qlizxdZqtudnsunxE', desc.router_digest_sha256)
-
- # TODO: Turns out sanitized descriptors have ntor-onion-key. Need to double
- # check this is intended.
- #
- # self.assertEqual([], desc.get_unrecognized_lines())
+ self.assertEqual([], desc.get_unrecognized_lines())
def test_cr_in_contact_line(self):
"""
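Review bot: The re-enabled `self.assertEqual([], desc.get_unrecognized_lines())` only shows that the ntor-onion-key line is now consumed, not that the bridge descriptor exposes the right value. Add an assertion next to the other field checks, such as `self.assertEqual('<ntor-onion-key value from the test descriptor>', desc.ntor_onion_key)`, where the placeholder is replaced with the value from the fixture, which lies outside this hunk. That would pin the move of the attribute from RelayDescriptor to ServerDescriptor for the sanitized case. The test method begins above the hunk.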