[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #22817 [- Select a component]: SAFECOOKIE description in control spec does not have verifiable test vectors

Subject: [tor-bugs] #22817 [- Select a component]: SAFECOOKIE description in control spec does not have verifiable test vectors
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 04 Jul 2017 20:37:30 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Jul 2017 16:37:39 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22817: SAFECOOKIE description in control spec does not have verifiable test
vectors
--------------------------------------+-----------------
     Reporter:  amphetamine           |      Owner:
         Type:  enhancement           |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+-----------------
 The SAFECOOKIE documentation in
 https://gitweb.torproject.org/torspec.git/tree/control-spec.txt describes
 the hashing process, but doesn't provide verifiable sample input/output
 pairs that would be hugely helpful for implementing it.

 I worked around this by using the server hash reported by the Tor server
 and access to the Stem code to verify the expected inputs and outputs, but
 this is a lot of extra overhead beyond the spec document.

 A possible example of useful information:

  example server hash:
 F917E3B73CBEDC66A85EBD60F25E100552B89645FDEC87D69E9BD4E81E25B604
  example server nonce:
 F8B52E3424733A4081FCCD2A64FC9C67F0FD3A9639C1E09D5558C3B4B9B973E1
  example client nonce: 3b
  example client hash:
 c6213ce626df95c1b5f5c0b4fe77c8ff1a05c7fd7f5e5a9843d2b4d009b5d340

  The above vectors should be decoded to bytes and input to an HMAC
 initialized with the appropriate server-to-controller initialization key
 described in this spec to produce a matching hex string as provided by the
 Tor process in its AUTHCHALLENGE reply. The same vectors should also be
 decoded to bytes and input to an HMAC initialized with the appropriate
 controller-to-server initialization key described in this spec to produce
 the client hash.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22817>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #22817 [Core Tor/Tor]: SAFECOOKIE description in control spec does not have verifiable test vectors
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22817 [Core Tor/Tor]: SAFECOOKIE description in control spec does not have verifiable test vectors
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22817 [Core Tor/Tor]: SAFECOOKIE description in control spec does not have verifiable test vectors
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #23016 [Applications/Tor Browser]: "Print to File" does not create the expected file in non-English locales
Next by Author: Re: [tor-bugs] #22798 [Core Tor/Tor]: Windows relay is several times slower than Linux relay
Previous by thread: Re: [tor-bugs] #22768 [Internal Services/Service - jenkins]: Add building Tor with Rust support to Jenkins
Next by thread: Re: [tor-bugs] #22817 [Core Tor/Tor]: SAFECOOKIE description in control spec does not have verifiable test vectors
Index(es):
- Author
- Thread