[tor-bugs] #16359 [Metrics Data Processor]: Add new ed25519-related lines to sanitized bridge descriptors
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jun 13 08:05:45 UTC 2015
#16359: Add new ed25519-related lines to sanitized bridge descriptors
------------------------------------+---------------------
Reporter: karsten | Owner:
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Metrics Data Processor | Version:
Keywords: | Actual Points:
Parent ID: | Points:
------------------------------------+---------------------
Recent Tor bridges include ed25519-related lines in their server
descriptors and extra-info descriptors. We need to sanitize them in a way
that doesn't leak the new ed25519 bridge identity. See also some
[https://lists.torproject.org/pipermail/tor-dev/2015-May/008885.html
discussion about this on tor-dev@].
I just finished writing some possible
[https://gitweb.torproject.org/karsten/metrics-db.git/log/?h=ed25519
sanitizing code for this] and would appreciate a quick review of the
[https://gitweb.torproject.org/karsten/metrics-db.git/commit/?h=ed25519&id=053ae4d361230503882867b755aac1541f3d32cd
new parsing code there].
Also, here are two sanitized bridge descriptors as samples:
{{{
@type bridge-server-descriptor 1.1
router hatak2 10.131.136.200 89 0 0
or-address [fd9f:2e19:3bcf::d4:b0b5]:89
master-key-ed25519 vtKSwo5ic01Lmd1bkRZ64Pn+3p6463SWo59mUobgw1w
platform Tor 0.2.7.1-alpha-dev on Linux
protocols Link 1 2 Circuit 1
published 2015-06-12 07:32:33
fingerprint FEC3 88B2 464F 8A84 AF02 CB76 3B10 7F71 2750 B3A9
uptime 208681
bandwidth 14971520 104857600 153167
extra-info-digest 64ED1D6F4851BEC31A1FB0F98BBA18F5ADAD6041 KCnzQ4dTAV+KqwyFYPOlJ9UwYW0vE3wzanHmQ0C1SnI
hidden-service-dir
contact somebody
ntor-onion-key 7aW+CYWazyD6+g4oZTLZ5UgjashXriSyuCrc9MnwYEA=
reject *:*
router-digest-sha256 4TfyBALOAWmuLv3Ag5JvLsrXwraNsfxswCnGvVkbPQA
router-digest C3140734BF6DEC26895456427D793E2ED8BC6F4B
}}}
{{{
@type bridge-extra-info 1.3
extra-info hatak2 FEC388B2464F8A84AF02CB763B107F712750B3A9
master-key-ed25519 vtKSwo5ic01Lmd1bkRZ64Pn+3p6463SWo59mUobgw1w
published 2015-06-12 07:32:33
write-history 2015-06-12 06:25:25 (14400 s) 412672,518144,427008,678912,39168000,422912
read-history 2015-06-12 06:25:25 (14400 s) 4737024,6061056,4524032,5554176,42741760,4158464
dirreq-write-history 2015-06-11 21:30:09 (14400 s) 31744,0,0,0,0,0
dirreq-read-history 2015-06-11 21:30:09 (14400 s) 5120,0,0,0,0,0
geoip-db-digest 0A1F9C09E08F6F2490E8880664D4E863D1680A12
geoip6-db-digest A6E9B5DE6F887315749B29F9C9F698215BE5240A
dirreq-stats-end 2015-06-11 21:30:16 (86400 s)
dirreq-v3-ips
dirreq-v3-reqs
dirreq-v3-resp ok=0,not-enough-sigs=0,unavailable=0,not-found=0,not-modified=0,busy=0
dirreq-v3-direct-dl complete=0,timeout=0,running=0
dirreq-v3-tunneled-dl complete=0,timeout=0,running=0
transport fte
transport obfs4
transport websocket
bridge-stats-end 2015-06-11 21:34:31 (86400 s)
bridge-ips
bridge-ip-versions v4=0,v6=0
bridge-ip-transports
router-digest-sha256 KCnzQ4dTAV+KqwyFYPOlJ9UwYW0vE3wzanHmQ0C1SnI
router-digest 64ED1D6F4851BEC31A1FB0F98BBA18F5ADAD6041
}}}
New/updated lines are:
- `@type` lines contain updated minor version numbers because of
additional lines.
- `master-key-ed25519` in both server descriptors and extra-info
descriptors, containing SHA256 digests of keys. Note that extra-info
descriptors produced by Tor don't (yet) contain such lines.
- `extra-info-digest` in server descriptors now contains two digests
matching the digests in the `router-digest` and `router-digest-sha256`
lines in extra-info descriptors.
- `router-digest-sha256` contains the SHA256 of SHA256 of full descriptor
contents including signatures.
Anything else I'm missing?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16359>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
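Added example, not part of the ticket or of metrics-db: a consistency check for a sanitized server/extra-info descriptor pair, based on the line relationships listed in the ticket. It runs on excerpts of the two samples above; the function names are hypothetical, and the 32-byte length test only checks the shape of a SHA-256 digest, not how the value was derived.

```python
import base64
import re

# Excerpts of the ticket's two sample descriptors (only the lines checked).
SERVER_DESC = """\
master-key-ed25519 vtKSwo5ic01Lmd1bkRZ64Pn+3p6463SWo59mUobgw1w
fingerprint FEC3 88B2 464F 8A84 AF02 CB76 3B10 7F71 2750 B3A9
extra-info-digest 64ED1D6F4851BEC31A1FB0F98BBA18F5ADAD6041 KCnzQ4dTAV+KqwyFYPOlJ9UwYW0vE3wzanHmQ0C1SnI
router-digest-sha256 4TfyBALOAWmuLv3Ag5JvLsrXwraNsfxswCnGvVkbPQA
"""
EXTRA_INFO = """\
extra-info hatak2 FEC388B2464F8A84AF02CB763B107F712750B3A9
master-key-ed25519 vtKSwo5ic01Lmd1bkRZ64Pn+3p6463SWo59mUobgw1w
router-digest-sha256 KCnzQ4dTAV+KqwyFYPOlJ9UwYW0vE3wzanHmQ0C1SnI
router-digest 64ED1D6F4851BEC31A1FB0F98BBA18F5ADAD6041
"""

def fields(text):
    """Map each keyword to its argument list (first occurrence wins)."""
    out = {}
    for line in text.splitlines():
        kw, _, rest = line.partition(" ")
        out.setdefault(kw, rest.split())
    return out

def is_b64_sha256(value):
    """True if value is unpadded base64 that decodes to exactly 32 bytes."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{43}", value):
        return False
    return len(base64.b64decode(value + "=")) == 32

def check_pair(server_text, extra_text):
    """Return a list of inconsistencies between a sanitized descriptor pair."""
    s, e = fields(server_text), fields(extra_text)
    problems = []
    for name, d in (("server", s), ("extra-info", e)):
        for kw in ("master-key-ed25519", "router-digest-sha256"):
            if kw in d and not (len(d[kw]) == 1 and is_b64_sha256(d[kw][0])):
                problems.append(f"{name}: {kw} is not a 32-byte base64 value")
    if e.get("extra-info", [])[1:2] != ["".join(s.get("fingerprint", []))]:
        problems.append("fingerprint differs between descriptors")
    if s.get("extra-info-digest") != e.get("router-digest", []) + e.get("router-digest-sha256", []):
        problems.append("extra-info-digest does not match extra-info digests")
    # Optional in extra-info descriptors, so compare only when both carry it.
    key = "master-key-ed25519"
    if key in s and key in e and s[key] != e[key]:
        problems.append("master-key-ed25519 differs between descriptors")
    return problems
```

`check_pair(SERVER_DESC, EXTRA_INFO)` returns an empty list for the samples; any mismatch shows up as a descriptive string in the returned list.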