[tor-commits] [stem/master] Generate desc-auth-ephemeral-key from a key

[atagar@xxxxxxxxxxxxxx]

commit 2526db23a86022796d7d635e1081f2bcd976376b
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date:   Fri Nov 22 13:40:45 2019 -0800

    Generate desc-auth-ephemeral-key from a key
    
    Great catch from asn on #31823 that we should generate desc-auth-ephemeral-key
    fields from a key rather than random bytes. Otherwise this can be used as a
    fingerprint to differentiate our descriptors from tor's.
---
 stem/descriptor/hidden_service.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index ea1ae739..e75c7a6e 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -1188,6 +1188,7 @@ class OuterLayer(Descriptor):
       raise ImportError('Hidden service layer creation requires cryptography version 2.6')
 
     from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+    from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
 
     inner_layer = inner_layer if inner_layer else InnerLayer.create()
     revision_counter = revision_counter if revision_counter else 1
@@ -1196,7 +1197,7 @@ class OuterLayer(Descriptor):
 
     return _descriptor_content(attr, exclude, (
       ('desc-auth-type', 'x25519'),
-      ('desc-auth-ephemeral-key', base64.b64encode(os.urandom(32))),
+      ('desc-auth-ephemeral-key', base64.b64encode(stem.util._pubkey_bytes(X25519PrivateKey.generate()))),
     ), (
       ('encrypted', b'\n' + inner_layer._encrypt(revision_counter, subcredential, blinded_key)),
     ))

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits