[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #5810 [Stem]: Implement verification of server descriptor
#5810: Implement verification of server descriptor
-------------------------+--------------------------------------------------
Reporter: reganeet | Owner: reganeet
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Stem | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
We need to implement is_valid() method of
stem.descriptor.server_descriptor.!RelayDescriptor ![1] , to do some
verifications on the descriptor:
1) a contained fingerprint is actually a hash of the signing key and
2) a router signature was created using the signing key.
There's already Java code for doing this in metrics-tasks [2]. However,
the Java code is a standalone test, while stem's implementation is self-
contained within the descriptor.
We need some ssl library to read the pem-format keys in descriptors, and
M2Crypto seems to be the best choiceÂ[3]. The problem with M2Crypto is
that it requires SSL_v2 support from openssl, which is considered unsafe
thus excluded from recent Ubuntu releases, and possibly Debian [4]. I
don't know how many people run Tor in Ubuntu, and whether we should let
users responsible for having a complete openssl library. It seems quite
hard to work this around on UbuntuÂ![5].
[1][https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/server_descriptor.py#l624
:]https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/server_descriptor.py#l624
[2]: https://gitweb.torproject.org/metrics-
tasks.git/blob/HEAD:/task-2768/VerifyDescriptors.java
[3]: http://stackoverflow.com/a/606702/994146
[4]: http://stackoverflow.com/a/8219807/994146
[5]: https://discussions.nessus.org/thread/3174
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5810>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs