[tor-dev] Proposal xxx: Safe cookie authentication

Damian Johnson atagar1 at gmail.com
Sun Feb 5 18:45:45 UTC 2012


> Unlike other commands besides AUTHENTICATE

AUTHENTICATE and PROTOCOLINFO

> HMAC-SHA256("Tor controller-to-server cookie authenticator", CookieString)

I'm more than a little green with HMAC. Does this mean that the hmac
key is that static string, so it would be implemented like...

import hmac
cookie_file = open("/path/to/cookie")
h = hmac.new("Tor controller-to-server cookie authenticator",
cookie_file.read())

# that second wrapper, where it looks like the above is the key
h = hmac.new(h.hexdigest(), server_challenge_response)

# send to the controller
send_to_controller(h.hexdigest())

Also, is "HMAC-SHA256" some special hmac implementation that I need to
look up? Is it part of the builtin python lib?

Speaking as someone who will need to implement the controller side of
this I'm not really sure what I'm supposed to do with this. Some
points of clarification that are needed:

1. Is CLIENTCHALLENGE just any arbitrary client provided string used
as a salt for the hash?
2. The CLIENTRESPONSE is something that I validate then discard, right?
3. What happens if a user issues a AUTHCHALLENGE, PROTOCOLINFO, then
AUTHENTICATE? What about PROTOCOLINFO, AUTHCHALLENGE, AUTHENTICATE?

Personally I don't see the reason for the last handshake. The
controller is proving that it should have access by providing the
cookie contents. Providing both the cookie contents and
SERVERCHALLENGE proves that we sent and received the AUTHCHALLENGE
which isn't terribly interesting.

If we only included the AUTHCHALLENGE message and response then this
would not require a new authentication method so controllers could opt
into the extra cookie validation. That said, if your intent is to
force controllers to do the SAFECOOKIE handshake then this makes
sense.

Cheers! -Damian


More information about the tor-dev mailing list