[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5810 [Stem]: Implement verification of server descriptor
#5810: Implement verification of server descriptor
-------------------------+--------------------------------------------------
Reporter: reganeet | Owner: reganeet
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Stem | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by reganeet):
The first verification is done by using python-rsa, but I have some
difficulties implementing the second part. According to the Java code,
what we should do is:
1. Read the signing key from the descriptor;
2. Get the signature from the descriptor, filter out the header and
footer, and
do a base64 decode to get the signature bytes;
3. Decrypt the signature bytes with the signing key and remove the
PKCS1
padding to get the original message;
4. Encode the message in hex and compare it to the digest of the
descriptor.
I'm done the first two parts and checked they were correct. The hard part
is 3. I'm trying to do it with the verify() method in python-rsa [1].
However, I always get a
ValidationError. I'm diving into the code of verify() method and trying to
decrypt the signature bytes step by step, and it seems that the decrypted
message does not start with the signature marker of PKCS1 padding, which
should be '\x00\x01'.
Going to dive deeper tomorrow...
[1] https://bitbucket.org/sybren/python-rsa/src/5d834ee3e7e5/rsa/pkcs1.py
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5810#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs