[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5810 [Stem]: Implement verification of server descriptor



#5810: Implement verification of server descriptor
-------------------------+--------------------------------------------------
 Reporter:  reganeet     |          Owner:  reganeet
     Type:  enhancement  |         Status:  new     
 Priority:  normal       |      Milestone:          
Component:  Stem         |        Version:          
 Keywords:               |         Parent:          
   Points:               |   Actualpoints:          
-------------------------+--------------------------------------------------

Comment(by reganeet):

 The first verification is done by using python-rsa, but I have some
 difficulties implementing the second part. According to the Java code,
 what we should do is:
     1. Read the signing key from the descriptor;
     2. Get the signature from the descriptor, filter out the header and
 footer, and
        do a base64 decode to get the signature bytes;
     3. Decrypt the signature bytes with the signing key and remove the
 PKCS1
        padding to get the original message;
     4. Encode the message in hex and compare it to the digest of the
 descriptor.

 I'm done the first two parts and checked they were correct. The hard part
 is 3. I'm trying to do it with the verify() method in python-rsa [1].
 However, I always get a
 ValidationError. I'm diving into the code of verify() method and trying to
 decrypt the signature bytes step by step, and it seems that the decrypted
 message does not start with the signature marker of PKCS1 padding, which
 should be '\x00\x01'.

 Going to dive deeper tomorrow...

 [1] https://bitbucket.org/sybren/python-rsa/src/5d834ee3e7e5/rsa/pkcs1.py

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5810#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs