[tor-commits] [stem/master] Skip cryptographic validation of fabricated HSv2 descriptors

atagar at torproject.org atagar at torproject.org
Tue Feb 11 21:51:00 UTC 2020


commit 960eb3ae96e607eb67af4898826a73690a82a301
Author: Damian Johnson <atagar at torproject.org>
Date:   Tue Feb 11 13:46:47 2020 -0800

    Skip cryptographic validation of fabricated HSv2 descriptors
    
    Oops, when removing unused 'sign' arguments I accidentally dropped our
    skip_crypto_validation argument here. George and I invested quite a bit of
    effort into creating cryptographically valid HSv3 descriptors, but HSv2
    descriptors aren't.
    
    This caused the following test failures...
    
      ======================================================================
      ERROR: test_minimal_hidden_service_descriptor
      ----------------------------------------------------------------------
      Traceback (most recent call last):
        File "/home/atagar/Desktop/stem/test/unit/descriptor/hidden_service_v2.py", line 414, in test_minimal_hidden_service_descriptor
          desc = HiddenServiceDescriptorV2.create()
        File "/home/atagar/Desktop/stem/stem/descriptor/hidden_service.py", line 702, in create
          return cls(cls.content(attr, exclude), validate = validate)
        File "/home/atagar/Desktop/stem/stem/descriptor/hidden_service.py", line 723, in __init__
          signed_digest = self._digest_for_signature(self.permanent_key, self.signature)
        File "/home/atagar/Desktop/stem/stem/descriptor/__init__.py", line 1043, in _digest_for_signature
          key = load_der_public_key(_bytes_for_block(signing_key), default_backend())
        File "/home/atagar/.local/lib/python3.7/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 32, in load_der_public_key
          return backend.load_der_public_key(data)
        File "/home/atagar/.local/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1182, in load_der_public_key
          self._handle_key_loading_error()
        File "/home/atagar/.local/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1373, in _handle_key_loading_error
          raise ValueError("Could not deserialize key data.")
      ValueError: Could not deserialize key data.
---
 stem/descriptor/hidden_service.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index 8860b594..64daee16 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -699,7 +699,7 @@ class HiddenServiceDescriptorV2(HiddenServiceDescriptor):
 
   @classmethod
   def create(cls, attr = None, exclude = (), validate = True):
-    return cls(cls.content(attr, exclude), validate = validate)
+    return cls(cls.content(attr, exclude), validate = validate, skip_crypto_validation = True)
 
   def __init__(self, raw_contents, validate = False, skip_crypto_validation = False):
     super(HiddenServiceDescriptorV2, self).__init__(raw_contents, lazy_load = not validate)
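Review bot: `create()` now passes `skip_crypto_validation = True` unconditionally, so a caller who asks for `validate = True` gets the other validation but no signature check, and nothing on the method says so. A comment or docstring line on `create()` would make that explicit, for example `# fabricated HSv2 content carries no valid signature, so the signature check is always skipped here`. The `__init__` default of `skip_crypto_validation = False` is untouched, which looks right for descriptors parsed from real input. Its body continues outside the hunk, so how the flag is consumed cannot be confirmed from this view. It would also help to state in the class documentation that descriptors built through `create()` are test fixtures and their signature must not be treated as verified.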


