[or-cvs] r22090: {projects} When sanitizing bridge descriptors, optionally replace IP ad (projects/archives/trunk/bridge-desc-sanitizer)
Author: kloesing
Date: 2010-03-29 22:05:01 +0000 (Mon, 29 Mar 2010)
New Revision: 22090
Modified:
projects/archives/trunk/bridge-desc-sanitizer/ConvertBridgeDescs.java
Log:
When sanitizing bridge descriptors, optionally replace IP address with
H(IP address + bridge identity + secret)[:4].
Modified: projects/archives/trunk/bridge-desc-sanitizer/ConvertBridgeDescs.java
===================================================================
--- projects/archives/trunk/bridge-desc-sanitizer/ConvertBridgeDescs.java 2010-03-29 17:06:34 UTC (rev 22089)
+++ projects/archives/trunk/bridge-desc-sanitizer/ConvertBridgeDescs.java 2010-03-29 22:05:01 UTC (rev 22090)
@@ -8,6 +8,15 @@
public static void main(String[] args) throws Exception {
+ /* If the following flag is set to true, don't write 127.0.0.1 for
+ * bridge IP addresses, but put replace IP addresses with
+ * H(IP address + bridge identity + secret)[:4] formatted as IP
+ * address. An example for the hash input would be:
+ * "12.34.56.78ABCDABCDABCDABCDABCDABCDABCDABCDABCDABCDpassword"
+ * (without quotes) */
+ boolean hashIpAddresses = false;
+ String secret = "password";
+
long started = System.currentTimeMillis();
if (args.length < 5) {
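Review bot: The hard-coded `String secret = "password";` at the top of `main` is the only keying material in H(IP address + bridge identity + secret), so the published replacement addresses are only as private as a string that sits in the public repository. Anyone who flips `hashIpAddresses` to true without also editing the source would get output that can be recomputed from candidate inputs. The secret should come from outside the source tree (a file or an extra argument), be long and random, and the run should stop when hashing is enabled with the placeholder, e.g. `if (hashIpAddresses && "password".equals(secret)) { throw new IllegalStateException("set a real secret before enabling hashIpAddresses"); }`. The body of `main` continues outside this hunk, so where the arguments are parsed is not visible here.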
@@ -254,7 +263,9 @@
String asciiString = new String(allData, "US-ASCII");
BufferedReader br = new BufferedReader(new StringReader(
asciiString));
- String line = null, country = null;
+ String line = null, country = null, originalAddress = null,
+ ipAddress = "127.0.0.1", routerLinePartOne = null,
+ routerLinePartTwo = null;
StringBuilder scrubbed = null;
boolean skipCrypto = false, contactWritten = false;
while ((line = br.readLine()) != null) {
@@ -268,10 +279,11 @@
if (unresolved.contains(country)) {
country = "zz";
}
- scrubbed = new StringBuilder("router Unnamed"
- + country.toUpperCase() + " 127.0.0.1 "
- + line.split(" ")[3] + " " + line.split(" ")[4] + " "
- + line.split(" ")[5] + "\n");
+ originalAddress = line.split(" ")[2];
+ scrubbed = new StringBuilder();
+ routerLinePartOne = "router Unnamed" + country.toUpperCase();
+ routerLinePartTwo = line.split(" ")[3] + " "
+ + line.split(" ")[4] + " " + line.split(" ")[5] + "\n";
contactWritten = false;
haveExtraInfo = null;
} else if (line.startsWith("opt fingerprint ")) {
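Review bot: `ipAddress` is initialised to "127.0.0.1" once before the read loop, and this `router` branch does not reset it, although it does reset `contactWritten` and `haveExtraInfo`. If the loop ever handles more than one descriptor and a later one has no `opt fingerprint` line, the value computed for the previous bridge would be written into the next router line. Adding `ipAddress = "127.0.0.1";` next to `contactWritten = false;` keeps the fallback per descriptor. The branch also calls `line.split(" ")` four times, and a single `String[] routerParts = line.split(" ");` would be easier to read. The enclosing if/else chain starts and ends outside this hunk.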
@@ -283,6 +295,15 @@
scrubbed.append(" " + fingerprint.substring(4 * i,
4 * (i + 1)));
scrubbed.append("\n");
+ if (hashIpAddresses) {
+ byte[] hashedOctets = DigestUtils.sha(originalAddress
+ + line.substring(16).replaceAll(" ", "") + secret);
+ String hashedIp = "";
+ for (int i = 0; i < 4; i++) {
+ hashedIp += "." + ((int) hashedOctets[i] + 256) % 256;
+ }
+ ipAddress = hashedIp.substring(1);
+ }
} else if (line.startsWith("contact ")) {
scrubbed.append("contact somebody at example dot " + country
+ "\n");
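Review bot: The hashing code under `if (hashIpAddresses)` is duplicated in the status-entry hunk at `@@ -430,11 +452,22 @@`, and the two copies build the identity part of the input differently. This one takes the fingerprint text from the line as written, while the other hex-encodes the decoded identity and upper-cases it. If a descriptor ever carried a lower-case fingerprint, the same bridge would get two different replacement addresses. A single shared helper that normalises the fingerprint would keep the two call sites consistent, and `digest[i] & 0xFF` reads more directly than `((int) hashedOctets[i] + 256) % 256`. Note also that `originalAddress` is still null if an `opt fingerprint` line is seen before any `router` line, which would hash the literal text "null". The surrounding if/else chain extends beyond the hunk.

```java
// … unchanged: fingerprint formatting into scrubbed …
if (hashIpAddresses && originalAddress != null) {
  ipAddress = hashIpAddress(originalAddress,
      line.substring(16).replaceAll(" ", "").toUpperCase(), secret);
}

// class-level helper, also called from the status-entry branch
private static String hashIpAddress(String address,
    String fingerprintHex, String secret) {
  byte[] digest = DigestUtils.sha(address + fingerprintHex + secret);
  StringBuilder dotted = new StringBuilder();
  for (int i = 0; i < 4; i++) {
    if (i > 0) {
      dotted.append('.');
    }
    dotted.append(digest[i] & 0xFF);
  }
  return dotted.toString();
}
```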
@@ -295,7 +316,8 @@
System.arraycopy(allData, startDescriptorIndex, forDigest, 0,
endDescriptorIndex - startDescriptorIndex);
String originalHash = DigestUtils.shaHex(forDigest);
- String scrubbedDesc = scrubbed.toString();
+ String scrubbedDesc = routerLinePartOne + " " + ipAddress
+ + " " + routerLinePartTwo + scrubbed.toString();
String scrubbedHash = DigestUtils.shaHex(scrubbedDesc);
if (descriptorMapping.containsKey(originalHash) &&
!descriptorMapping.get(originalHash).equals(scrubbedHash)) {
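Review bot: `scrubbedDesc`, and therefore `scrubbedHash`, now depends on `hashIpAddresses` and `secret`. Re-running over descriptors already recorded in `descriptorMapping` after changing either one yields a different `scrubbedHash` for the same `originalHash` and falls into the mismatch check directly below. What that branch does is outside the hunk, so the effect may be anything from a warning to an abort. A comment above the assignment would spare the next operator the surprise, for example `/* scrubbedHash depends on hashIpAddresses and secret; both must stay fixed for as long as an existing descriptorMapping is reused */`.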
@@ -430,11 +452,22 @@
if (unresolved.contains(country)) {
country = "zz";
}
+ String ipAddress = "127.0.0.1";
+ if (hashIpAddresses) {
+ byte[] hashedOctets = DigestUtils.sha(parts[6]
+ + Hex.encodeHexString(Base64.decodeBase64(
+ bridgeIdentity)).toUpperCase() + secret);
+ String hashedIp = "";
+ for (int i = 0; i < 4; i++) {
+ hashedIp += "." + ((int) hashedOctets[i] + 256) % 256;
+ }
+ ipAddress = hashedIp.substring(1);
+ }
scrubbed.append("r Unnamed" + country.toUpperCase() + " "
+ hashedBridgeIdentity
+ " " + replacementDescIdentifier + " " + parts[4] + " "
- + parts[5] + " 127.0.0.1 " + parts[7] + " " + parts[8]
- + "\n");
+ + parts[5] + " " + ipAddress + " " + parts[7] + " "
+ + parts[8] + "\n");
} else if (line.startsWith("s ")) {
scrubbed.append(line + "\n");
} else {