[tor-bugs] #19317 [Metrics/CollecTor]: Sanitize TCP ports in bridge descriptors
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 9 00:21:15 UTC 2016
#19317: Sanitize TCP ports in bridge descriptors
-------------------------------+---------------------
Reporter: karsten | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Metrics/CollecTor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------+---------------------
Comment (by teor):
Replying to [comment:2 karsten]:
> Huh, good point, didn't think of that. How about we make the following
> two changes, one related to your suggestion and one unrelated?
>
> - Take out the `% 65535 + 1` part to make this calculation a little
>   less complicated, at the risk of accidentally changing 1 in 2^16^ ports
>   to 0.
I think that a 0 port has a special meaning (not configured) and we need
to preserve that.
I'm comfortable with the extra complexity. But I'm not the one who has to
code or maintain it, so it's up to you.
> - Add clarifying sentence: "All calculations assume that inputs and
>   outputs are in network byte order." Does that make sense, or is there a
>   better sentence to add here? (We'll want to add a similar sentence to
>   the IP address sanitizing part.)
Hmm, network byte order is only meaningful for integers, and it's
important only when they are hashed, or otherwise interpreted as an array
of bytes. So it only affects the port (16 bit integer) and IPv4 address
(32 bit integer).
All the other hash inputs and outputs have a defined order already - the
order in memory.
So I'm not sure if this sentence would add more confusion - maybe it's
just worth clarifying the integer inputs?
> New paragraph would be:
>
> - Each non-zero TCP port is replaced with `H(port | bridge identity |
>   secret)[:2]` written as decimal number. The input `port` is the 2-byte
>   long binary representation of the TCP port. The `bridge identity` is the
>   20-byte long binary representation of the bridge's long-term identity
>   fingerprint. The `secret` is a 33-byte long secure random string that
>   changes once per month for all descriptors and statuses published in
>   that month. `H()` is SHA-256. The `[:2]` operator means that we pick the
>   2 most significant bytes of the result. All operations assume network
>   byte order for their inputs and outputs. TCP ports that are 0 in the
>   original descriptor are left unchanged.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19317#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
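
The replacement rule from the proposed paragraph above, written out as an added example; it is not part of the original message and is not CollecTor's code. The function names, the `keep_nonzero` parameter and the sample identity and secret are assumptions, and `% 65535 + 1` is applied to the 2-byte value as one reading of the variant discussed in the thread.

```python
import hashlib
import struct

IDENTITY_LEN = 20  # binary long-term identity fingerprint
SECRET_LEN = 33    # monthly secret shared by all descriptors of that month


def sanitize_port(port, identity, secret, keep_nonzero=False):
    """Return the sanitized TCP port as an int (printed in decimal).

    keep_nonzero (hypothetical parameter) applies `% 65535 + 1` to the
    2-byte value so that a non-zero port can never be rewritten to 0.
    """
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port must fit in 16 bits")
    if len(identity) != IDENTITY_LEN or len(secret) != SECRET_LEN:
        raise ValueError("identity must be 20 bytes, secret 33 bytes")
    if port == 0:
        return 0  # ports that are 0 in the descriptor are left unchanged
    # Only the integer input needs an explicit byte order: the port is
    # serialized as 2 bytes, most significant first (network byte order).
    port_bytes = struct.pack("!H", port)
    digest = hashlib.sha256(port_bytes + identity + secret).digest()
    # [:2] = the 2 most significant bytes, read back as a big-endian integer.
    value = int.from_bytes(digest[:2], "big")
    if keep_nonzero:
        value = value % 65535 + 1  # range 1..65535
    return value


def ports_mapped_to_zero(identity, secret, keep_nonzero):
    """List the non-zero input ports whose sanitized value is 0."""
    return [p for p in range(1, 65536)
            if sanitize_port(p, identity, secret, keep_nonzero) == 0]


if __name__ == "__main__":
    # Constructed sample inputs, fixed so the output is reproducible; a real
    # secret would be 33 bytes from a secure random source.
    identity = bytes(range(20))
    secret = bytes(33)
    for port in (0, 443, 9001):
        print(port, "->", sanitize_port(port, identity, secret),
              sanitize_port(port, identity, secret, keep_nonzero=True))
    print("mapped to 0 without the modulo step:",
          ports_mapped_to_zero(identity, secret, keep_nonzero=False))
```
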