[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [stem/master] Disable key blinding by default



commit 860afdb8f6edccdb31a9e4e13399b178645554b3
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date:   Sun Nov 17 15:11:39 2019 -0800

    Disable key blinding by default
    
    On reflection, why not simply disable blinding by default? Blinding parameters
    are unnecessary for the vast majority of use cases, and when needed the caller
    can simply provide a nonce (and by extension accept the lengthy runtime).
    
    We can always re-enable blinding as a default if/when we have a performant
    implementation.
---
 stem/descriptor/hidden_service.py         | 15 ++++++++++++---
 test/unit/descriptor/hidden_service_v3.py | 22 ----------------------
 2 files changed, 12 insertions(+), 25 deletions(-)

diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index 3af2fa0c..3ad2f031 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -920,6 +920,14 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
     Construction through this method can supply any or none of these, with
     omitted parameters populated with randomized defaults.
 
+    **Ed25519 key blinding takes several seconds**, and as such is disabled if a
+    **blinding_nonce** is not provided. To blind with a random nonce simply
+    call...
+
+    ::
+
+      HiddenServiceDescriptorV3(blinding_nonce = os.urandom(32))
+
     :param dict attr: keyword/value mappings to be included in plaintext descriptor
     :param list exclude: mandatory keywords to exclude from the descriptor, this
       results in an invalid descriptor
@@ -948,6 +956,8 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
       raise ImportError('Hidden service descriptor creation requires cryptography version 2.6')
     elif not stem.prereq._is_sha3_available():
       raise ImportError('Hidden service descriptor creation requires python 3.6+ or the pysha3 module (https://pypi.org/project/pysha3/)')
+    elif blinding_nonce and len(blinding_nonce) != 32:
+      raise ValueError('Blinding nonce must be 32 bytes, but was %i' % len(blinding_nonce))
 
     from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
 
@@ -955,9 +965,8 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
     identity_key = identity_key if identity_key else Ed25519PrivateKey.generate()
     signing_key = signing_key if signing_key else Ed25519PrivateKey.generate()
     revision_counter = revision_counter if revision_counter else int(time.time())
-    blinding_nonce = blinding_nonce if blinding_nonce else os.urandom(32)
 
-    blinded_key = _blinded_pubkey(identity_key, blinding_nonce)
+    blinded_key = _blinded_pubkey(identity_key, blinding_nonce) if blinding_nonce else b'a' * 32
     subcredential = HiddenServiceDescriptorV3._subcredential(identity_key, blinded_key)
     custom_sig = attr.pop('signature') if (attr and 'signature' in attr) else None
 
@@ -974,7 +983,7 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
       extensions = [Ed25519Extension(ExtensionType.HAS_SIGNING_KEY, None, blinded_key)]
 
       signing_cert = Ed25519CertificateV1(cert_type = CertType.HS_V3_DESC_SIGNING, key = signing_key, extensions = extensions)
-      signing_cert.signature = _blinded_sign(signing_cert.pack(), identity_key, blinded_key, blinding_nonce)
+      signing_cert.signature = _blinded_sign(signing_cert.pack(), identity_key, blinded_key, blinding_nonce) if blinding_nonce else b'b' * 64
 
     desc_content = _descriptor_content(attr, exclude, (
       ('hs-descriptor', '3'),
diff --git a/test/unit/descriptor/hidden_service_v3.py b/test/unit/descriptor/hidden_service_v3.py
index 6a838c8a..4549db2b 100644
--- a/test/unit/descriptor/hidden_service_v3.py
+++ b/test/unit/descriptor/hidden_service_v3.py
@@ -80,23 +80,6 @@ with open(get_resource('hidden_service_v3_intro_point')) as intro_point_file:
   INTRO_POINT_STR = intro_point_file.read()
 
 
-def disable_blinding(func):
-  """
-  Blinded key creation and signing are horribly slow. 1.5 seconds each,
-  making each call to HiddenServiceDescriptorV3.create() take over three
-  seconds.
-
-  As such disabling it in most tests.
-  """
-
-  def wrapped(*args, **kwargs):
-    with patch('stem.descriptor.hidden_service._blinded_pubkey', Mock(return_value = b'k' * 32)):
-      with patch('stem.descriptor.hidden_service._blinded_sign', Mock(return_value = b'a' * 64)):
-        return func(*args, **kwargs)
-
-  return wrapped
-
-
 class TestHiddenServiceDescriptorV3(unittest.TestCase):
   def test_real_descriptor(self):
     """
@@ -178,7 +161,6 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
     self.assertEqual(None, intro_point.legacy_key_raw)
     self.assertEqual(None, intro_point.legacy_key_cert)
 
-  @disable_blinding
   @test.require.ed25519_support
   def test_required_fields(self):
     """
@@ -198,7 +180,6 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
       desc_text = HiddenServiceDescriptorV3.content(exclude = (line,))
       expect_invalid_attr_for_text(self, desc_text, line_to_attr[line], None)
 
-  @disable_blinding
   @test.require.ed25519_support
   def test_invalid_version(self):
     """
@@ -214,7 +195,6 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
     for test_value in test_values:
       expect_invalid_attr(self, {'hs-descriptor': test_value}, 'version')
 
-  @disable_blinding
   @test.require.ed25519_support
   def test_invalid_lifetime(self):
     """
@@ -230,7 +210,6 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
     for test_value in test_values:
       expect_invalid_attr(self, {'descriptor-lifetime': test_value}, 'lifetime')
 
-  @disable_blinding
   @test.require.ed25519_support
   def test_invalid_revision_counter(self):
     """
@@ -427,7 +406,6 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
     self.assertEqual(1, len(inner_layer.introduction_points))
     self.assertEqual('1.1.1.1', inner_layer.introduction_points[0].link_specifiers[0].address)
 
-  @disable_blinding
   @test.require.ed25519_support
   def test_descriptor_creation(self):
     """



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits