[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [stem/master] Revised behavior for document signature methods
commit e1772bb9ad9ad2f6f085e2c0f489214d2f7fd6ee
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date: Fri Nov 23 12:14:12 2012 -0800
Revised behavior for document signature methods
The spec has been revised to explain how signature methods worked. I had
assumed that they were included in microdescritor consensuses and excluded from
standard consensuses. Turns out however that they can be included with both
and, if excluded, have a default value of 'sha1'. This is much nicer from a
parsing and behavior standpoint.
bug report: https://trac.torproject.org/7072
fix: https://gitweb.torproject.org/torspec.git/commitdiff/96427e8
---
stem/descriptor/networkstatus.py | 22 +++---------
test/integ/descriptor/networkstatus.py | 4 +-
test/mocking.py | 5 ---
test/unit/descriptor/networkstatus/document_v3.py | 37 +++++++--------------
4 files changed, 19 insertions(+), 49 deletions(-)
diff --git a/stem/descriptor/networkstatus.py b/stem/descriptor/networkstatus.py
index 0c08611..ca6aca2 100644
--- a/stem/descriptor/networkstatus.py
+++ b/stem/descriptor/networkstatus.py
@@ -768,19 +768,12 @@ class _DocumentFooter(object):
raise ValueError("A network status document's 'bandwidth-weights' entries should be '%s', got '%s'" % (expected_label, actual_label))
elif keyword == "directory-signature":
for sig_value, block_contents in values:
- if not header.is_microdescriptor:
- expected_spaces = 1
- format_label = 'directory-signature FINGERPRINT KEY_DIGEST'
- else:
- expected_spaces = 2
- format_label = 'directory-signature METHOD FINGERPRINT KEY_DIGEST'
-
- if sig_value.count(" ") != expected_spaces or not block_contents:
+ if not sig_value.count(" ") in (1, 2) or not block_contents:
if not validate: continue
- raise ValueError("Authority signatures in a network status document are expected to be of the form '%s\\nSIGNATURE', got:\n%s\n%s" % (format_label, sig_value, block_contents))
+ raise ValueError("Authority signatures in a network status document are expected to be of the form 'directory-signature [METHOD] FINGERPRINT KEY_DIGEST\\nSIGNATURE', got:\n%s\n%s" % (sig_value, block_contents))
- if not header.is_microdescriptor:
- method = None
+ if sig_value.count(" ") == 1:
+ method = 'sha1' # default if none was provided
fingerprint, key_digest = sig_value.split(" ", 1)
else:
method, fingerprint, key_digest = sig_value.split(" ", 2)
@@ -1232,8 +1225,7 @@ class DocumentSignature(object):
"""
Directory signature of a v3 network status document.
- :var str method: method used to make the signature, this only appears in
- microdescriptor consensuses
+ :var str method: algorithm used to make the signature
:var str identity: fingerprint of the authority that made the signature
:var str key_digest: digest of the signing key
:var str signature: document signature
@@ -1253,10 +1245,6 @@ class DocumentSignature(object):
if not stem.util.tor_tools.is_valid_fingerprint(key_digest):
raise ValueError("Malformed key digest (%s) in the document signature" % (key_digest))
- # TODO: The method field is undocumented so I'm just guessing how we should
- # handle it. Ticket for clarification...
- # https://trac.torproject.org/7072
-
self.method = method
self.identity = identity
self.key_digest = key_digest
diff --git a/test/integ/descriptor/networkstatus.py b/test/integ/descriptor/networkstatus.py
index 1b70898..84a1901 100644
--- a/test/integ/descriptor/networkstatus.py
+++ b/test/integ/descriptor/networkstatus.py
@@ -189,7 +189,7 @@ I/TJmV928na7RLZe2mGHCAW3VQOvV+QkCfj05VZ8CsY=
signature = document.signatures[0]
self.assertEquals(8, len(document.signatures))
- self.assertEquals(None, signature.method)
+ self.assertEquals("sha1", signature.method)
self.assertEquals("14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4", signature.identity)
self.assertEquals("BF112F1C6D5543CFD0A32215ACABD4197B5279AD", signature.key_digest)
self.assertEquals(expected_signature, signature.signature)
@@ -400,7 +400,7 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
signature = document.signatures[0]
self.assertEquals(1, len(document.signatures))
- self.assertEquals(None, signature.method)
+ self.assertEquals("sha1", signature.method)
self.assertEquals("27B6B5996C426270A5C95488AA5BCEB6BCC86956", signature.identity)
self.assertEquals("D5C30C15BB3F1DA27669C2D88439939E8F418FCF", signature.key_digest)
self.assertEquals(expected_signature, signature.signature)
diff --git a/test/mocking.py b/test/mocking.py
index d1b92db..e48ce64 100644
--- a/test/mocking.py
+++ b/test/mocking.py
@@ -759,11 +759,6 @@ def get_network_status_document_v3(attr = None, exclude = (), authorities = None
"consensus-method": "9",
}
- if "microdesc" in attr.get("network-status-version", ""):
- extra_defaults.update({
- "directory-signature": "sha256 " + NETWORK_STATUS_DOCUMENT_FOOTER[2][1],
- })
-
for k, v in extra_defaults.items():
if not (k in attr or (exclude and k in exclude)):
attr[k] = v
diff --git a/test/unit/descriptor/networkstatus/document_v3.py b/test/unit/descriptor/networkstatus/document_v3.py
index 11c9a9f..0396754 100644
--- a/test/unit/descriptor/networkstatus/document_v3.py
+++ b/test/unit/descriptor/networkstatus/document_v3.py
@@ -635,39 +635,26 @@ class TestNetworkStatusDocument(unittest.TestCase):
def test_microdescriptor_signature(self):
"""
- The 'directory-signature' lines for normal and microdescriptor conensuses
- differ slightly in their format.
+ The 'directory-signature' lines both with and without a defined method for
+ the signature format.
"""
- # including a microdescriptor flavored 'directory-signature' line should work
+ # including the signature method field should work
- document = get_network_status_document_v3({"network-status-version": "3 microdesc"})
- self.assertEqual('sha256', document.signatures[0].method)
-
- # include a standard 'directory-signature' line in a microdescriptor
- # consensus
-
- content = get_network_status_document_v3({
+ document = get_network_status_document_v3({
"network-status-version": "3 microdesc",
- "directory-signature": NETWORK_STATUS_DOCUMENT_FOOTER[2][1],
- }, content = True)
-
- self.assertRaises(ValueError, NetworkStatusDocumentV3, content)
-
- document = NetworkStatusDocumentV3(content, validate = False)
- self.assertEqual([], document.signatures)
+ "directory-signature": "sha256 " + NETWORK_STATUS_DOCUMENT_FOOTER[2][1],
+ })
- # includes a microdescriptor flavored 'directory-signature' line in a
- # normal consensus
+ self.assertEqual('sha256', document.signatures[0].method)
- content = get_network_status_document_v3({
- "directory-signature": "sha256 " + NETWORK_STATUS_DOCUMENT_FOOTER[2][1],
- }, content = True)
+ # excluding the method should default to sha1
- self.assertRaises(ValueError, NetworkStatusDocumentV3, content)
+ document = get_network_status_document_v3({
+ "network-status-version": "3 microdesc",
+ })
- document = NetworkStatusDocumentV3(content, validate = False)
- self.assertEqual([], document.signatures)
+ self.assertEqual('sha1', document.signatures[0].method)
def test_malformed_signature(self):
"""
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits