[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #22817 [Core Tor/Tor]: SAFECOOKIE description in control spec does not have verifiable test vectors
#22817: SAFECOOKIE description in control spec does not have verifiable test
vectors
--------------------------+------------------------------------
Reporter: amphetamine | Owner:
Type: enhancement | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-spec | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by amphetamine):
Here's a Python session transcript:
{{{
python
Python 2.7.12 (default, Nov 19 2016, 06:48:10)
[GCC 5.4.0 20160609] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import stem.util.connection
>>> import binascii
>>>
>>> expected_server_hash =
"f97294895a4c9b3fe04c390f1b3bcda886e54501220726e075140ff636fe0d91"
>>> expected_client_hash =
"02b6f2e708dffb47efcddbfdc08d24d3f9f87bb416a057b4cf5e553e56125bbb"
>>> client_nonce = "f0"
>>> server_nonce =
"65634AA3D089F94AD841DF2F35685CCD6666086CB674D5E9DE2D516BD2E7318B"
>>> cookie =
"7aab85f16613633d115be5ea6722b5e0527ae72100bfb0fd64fb5b15a8fcde4b"
>>> CLIENT_HASH_CONSTANT = "Tor safe cookie authentication controller-to-
server hash"
>>> SERVER_HASH_CONSTANT = "Tor safe cookie authentication server-to-
controller hash"
>>>
>>> server_hash = stem.util.connection._hmac_sha256(SERVER_HASH_CONSTANT,
binascii.unhexlify(cookie + client_nonce + server_nonce)).encode('hex')
>>> client_hash = stem.util.connection._hmac_sha256(CLIENT_HASH_CONSTANT,
binascii.unhexlify(cookie + client_nonce + server_nonce)).encode('hex')
>>>
>>> expected_server_hash == server_hash
True
>>> expected_client_hash == client_hash
True
}}}
There are also passing tests for a Rust implementation starting here:
https://gitlab.com/amphetamine/puccinia/blob/master/src/authentication.rs#L218
I used those tests to generate the above vectors used in Stem, so that
should at least corroborate the two together.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22817#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs