[tor-commits] [stem/master] Generate desc-auth-ephemeral-key from a key
atagar at torproject.org
atagar at torproject.org
Fri Nov 22 21:42:09 UTC 2019
commit 2526db23a86022796d7d635e1081f2bcd976376b
Author: Damian Johnson <atagar at torproject.org>
Date: Fri Nov 22 13:40:45 2019 -0800
Generate desc-auth-ephemeral-key from a key
Great catch from asn on #31823 that we should generate desc-auth-ephemeral-key
fields from a key rather than random bytes. Otherwise this can be used as a
fingerprint to differentiate our descriptors from tor's.
---
stem/descriptor/hidden_service.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index ea1ae739..e75c7a6e 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -1188,6 +1188,7 @@ class OuterLayer(Descriptor):
raise ImportError('Hidden service layer creation requires cryptography version 2.6')
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+ from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
inner_layer = inner_layer if inner_layer else InnerLayer.create()
revision_counter = revision_counter if revision_counter else 1
@@ -1196,7 +1197,7 @@ class OuterLayer(Descriptor):
return _descriptor_content(attr, exclude, (
('desc-auth-type', 'x25519'),
- ('desc-auth-ephemeral-key', base64.b64encode(os.urandom(32))),
+ ('desc-auth-ephemeral-key', base64.b64encode(stem.util._pubkey_bytes(X25519PrivateKey.generate()))),
), (
('encrypted', b'\n' + inner_layer._encrypt(revision_counter, subcredential, blinded_key)),
))
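Review bot: The new `desc-auth-ephemeral-key` line depends on `stem.util._pubkey_bytes` returning the raw 32-byte X25519 public key, and that helper is not visible in this hunk. If it returns any other encoding for this key type, the base64 field will have the wrong length and the descriptor will still be distinguishable from tor's, so a test asserting that the decoded field is exactly 32 bytes would pin this down. The private half of `X25519PrivateKey.generate()` is discarded immediately, which looks intentional but is not obvious to a reader; a comment such as `# throwaway keypair: only the public half is published so the field is a valid x25519 key, as in tor's descriptors` would record why. The enclosing method starts and ends outside the hunk.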