
Re: [tor-bugs] #21693 [Core Tor/Tor]: prop224 HS descriptors do wasteful double-base64 encoding



#21693: prop224 HS descriptors do wasteful double-base64 encoding
----------------------------+------------------------------------
 Reporter:  asn             |          Owner:
     Type:  task            |         Status:  new
 Priority:  Medium          |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor    |        Version:
 Severity:  Normal          |     Resolution:
 Keywords:  tor-hs prop224  |  Actual Points:
Parent ID:                  |         Points:  4
 Reviewer:                  |        Sponsor:  SponsorR-can
----------------------------+------------------------------------

Comment (by asn):

 A further point of complication here is that we apply NUL padding (up to
 the nearest multiple of 10k bytes) on the superencrypted section to hide
 metadata about client auth details and intro points. So it's more like:

 `middle_layer = b64(encrypt(client_auth_data + b64(encrypt(inner_layer)) +
 nul_padding))`
 `outer_layer = header + middle_layer`

 So unfortunately it's not as simple as replacing
 `b64(encrypt(inner_layer))` with `encrypt(inner_layer)` since then the
 binary ciphertext gets mangled with the NUL padding... :(

 I guess this means we need some sort of frame on the binary data that
 specifies the length of `encrypt(inner_layer)`, so that the decoding side
 can separate the ciphertext from the padding.

 In my experience, these sorts of frames need careful consideration due to
 all sorts of weird padding-oracle type of stuff... Will think some more,
 but this might be a reasonable topic for Amsterdam as well...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21693#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
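
The ambiguity described in the comment above, as an added example that is not part of the original message or of Tor's code: base64 text survives NUL-stripping, raw ciphertext that ends in NUL bytes does not, and a length frame restores an exact boundary. `encrypt()` is replaced by constructed stand-in bytes; the 4-byte length prefix and the `auth_len` parameter are hypothetical choices.

```python
import base64
import struct

PAD_MULTIPLE = 10000  # "nearest multiple of 10k bytes" from the comment

def pad(plaintext: bytes) -> bytes:
    # Append NUL bytes up to the next multiple of PAD_MULTIPLE.
    return plaintext + b"\x00" * (-len(plaintext) % PAD_MULTIPLE)

def build_b64(auth: bytes, inner_ct: bytes) -> bytes:
    # Layout from the comment: client_auth_data + b64(ciphertext) + nul_padding
    return pad(auth + base64.b64encode(inner_ct))

def parse_b64(plaintext: bytes, auth_len: int) -> bytes:
    # The base64 alphabet has no NUL, so stripping trailing NULs is exact.
    return base64.b64decode(plaintext[auth_len:].rstrip(b"\x00"))

def build_raw(auth: bytes, inner_ct: bytes) -> bytes:
    # Naive change: raw binary ciphertext, no frame.
    return pad(auth + inner_ct)

def parse_raw(plaintext: bytes, auth_len: int) -> bytes:
    # Ambiguous: NUL bytes that end the ciphertext look like padding.
    return plaintext[auth_len:].rstrip(b"\x00")

def build_framed(auth: bytes, inner_ct: bytes) -> bytes:
    # Hypothetical frame: 4-byte big-endian length before the ciphertext.
    return pad(auth + struct.pack(">I", len(inner_ct)) + inner_ct)

def parse_framed(plaintext: bytes, auth_len: int) -> bytes:
    # Assumption: called only after the enclosing layer was authenticated.
    body = plaintext[auth_len:]
    if len(body) < 4:
        raise ValueError("truncated frame")
    (n,) = struct.unpack(">I", body[:4])
    if n > len(body) - 4:
        raise ValueError("length exceeds available data")
    if body[4 + n:].strip(b"\x00"):
        raise ValueError("non-NUL bytes in padding")
    return body[4:4 + n]

# Constructed sample values (not real descriptor data).
AUTH = b"client-auth-data\n"
CT = bytes.fromhex("a1b2c3d4e5f60000")  # stand-in ciphertext ending in NULs
```

Rejecting an oversized length and non-NUL padding with the same exception type keeps the decoder from reporting which check failed.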