[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #2895 [BridgeDB]: BridgeDB assumes that cached-descriptors[.new] are in chronological order



#2895: BridgeDB assumes that cached-descriptors[.new] are in chronological order
--------------------------+----------------------------------------------
     Reporter:  karsten   |      Owner:  isis
         Type:  defect    |     Status:  closed
     Priority:  minor     |  Milestone:
    Component:  BridgeDB  |    Version:
   Resolution:  fixed     |   Keywords:  bridgedb-parsers, bridgedb-0.3.0
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+----------------------------------------------

Comment (by isis):

 Replying to [comment:4 arma]:
 > Replying to [comment:3 isis]:
 > > to my knowledge, BridgeDB has never had `cached-descriptor*` files
 >
 > Hm? That's how bridgedb used to know what bridges exist -- Tonga would
 export its cached-descriptor* files and bridgedb would import them.

 The files currently given to BridgeDB by Tonga are: `networkstatus-
 bridges`, `bridge-descriptors`, `cached-extrainfo`, and `cached-
 extrainfo.new`.

 > In fact, I'm a bit confused that it doesn't still have them, yet there
 are extrainfo descriptors. How do you know which extrainfo descriptor
 matches up to which bridge descriptor? Isn't that what the "extra-info-
 digest" line in the bridge descriptor is for?

 Yes, that is what it is for.

 No, BridgeDB (as of #9380) doesn't currently do this, but instead chains
 the verification of descriptors using the `router-signature` on the `@type
 bridge-extrainfo` document. (Although, I can gladly add code to check the
 descriptor digest tooâ that would be part of #9380. And that might
 possibly require more resources for the parsing and hashing of the `@type
 bridge-extrainfo` descriptors during the extrainfo deduplication, stage
 !#6 below, since the deduplication would need to do the hashing for each
 one and check that the hashes match, and I would still prefer to
 additionally check the signature on the `@type bridge-extrainfo`
 descriptor, so that both would need to validate before updating the Bridge
 with any of the extrainfo.)

 BridgeDB's verification chain for descriptors currently (as of #9380) goes
 like this:

  1.
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/parse/descriptors.py?h=fix/9380-stem_r10#n70
 Parse] the `@type bridge-networkstatus` documents in the `networkstatus-
 bridges` file.

  2. Create `Bridge`
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/bridges.py?h=fix/9380-stem_r10#n735
 class] instances for each this we parsed in step !#1. Call the
 `Bridge.updateFromNetworkStatus()`
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/bridges.py?h=fix/9380-stem_r10#n1338
 method] with the corresponding networkstatus document for each Bridge.
 This includes storing the
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/bridges.py?h=fix/9380-stem_r10#n1348
 descriptor digest] for each Bridge.

  3.
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/parse/descriptors.py?h=fix/9380-stem_r10#n123
 Parse] the `@type bridge-server-descriptor`s found in the `bridge-
 descriptors` file.

  4.
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/bridges.py?h=fix/9380-stem_r10#n1363
 Update] each Bridge
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/bridges.py?h=fix/9380-stem_r10#n881
 only if the descriptor digest matches] the digested value of the `@type
 bridge-server-descriptor` that was just parsed.

  5.
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/bridges.py?h=fix/9380-stem_r10#n1411
 Store] the `extra-info-digest` from each `@type bridge-server-descriptor`.

  6.
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/parse/descriptors.py?h=fix/9380-stem_r10#n219
 Parse] and
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/parse/descriptors.py?h=fix/9380-stem_r10#n149
 deduplicate] the `@type bridge-extrainfo` descriptors in `cached-
 extrainfo` and `cached-extrainfo.new`.

  7.
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/bridges.py?h=fix/9380-stem_r10#n1413
 Verify] the `router-signature` on the `@type bridge-extrainfo` descriptor
 for each bridge, using the `signing-key` from the Bridge's `@type bridge-
 server-descriptor`.

  8.
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/bridges.py?h=fix/9380-stem_r10#n1497
 Update] the Bridge's
 [https://gitweb.torproject.org/user/isis/bridgedb.git/tree/lib/bridgedb/bridges.py?h=fix/9380-stem_r10#n203
 PluggableTransport class] instances.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2895#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs