[tor-bugs] #20287 [Metrics/CollecTor]: digest computation for names of vote files in CollecTor's file protocol and code differs

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 4 19:23:08 UTC 2016 

#20287: digest computation for names of vote files in CollecTor's file protocol and
code differs
-----------------------------------+-----------------------------
     Reporter:  iwakeh             |      Owner:
         Type:  defect             |     Status:  new
     Priority:  High               |  Milestone:  CollecTor 1.1.0
    Component:  Metrics/CollecTor  |    Version:
     Severity:  Normal             |   Keywords:
Actual Points:                     |  Parent ID:
       Points:                     |   Reviewer:
      Sponsor:                     |
-----------------------------------+-----------------------------
 It seems that
 [https://gitweb.torproject.org/collector.git/tree/src/main/resources/docs/PROTOCOL#n202
 section 4.3.3] of the protocol doesn't coincide with CollecTor's code.

 The section reads:
 {{{
 4.3.3
    'votes' contains files named

    year DASH month DASH day DASH hour DASH minute DASH second
    DASH VOTE DASH fingerprint DASH digest

    Where VOTE is the string "vote" and all time related
    values are derived from the valid-after dates. 'fingerprint'
    is the fingerprint of the authority and 'digest' is the SHA1
    digest of the authority's medium term signing key.
 }}}

 But the code for creating the digest calculates a digest for the
 descriptor bytes from the start of the vote to the 'directory-signature '
 (incl.).
 (cf.
 [https://gitweb.torproject.org/collector.git/tree/src/main/java/org/torproject/collector/relaydescs/RelayDescriptorParser.java#n204
 here]).
 {{{
 #!java
     ...
             String ascii = new String(data, "US-ASCII");
             String startToken = "network-status-version ";
             String sigToken = "directory-signature ";
             int start = ascii.indexOf(startToken);
             int sig = ascii.indexOf(sigToken);
             if (start >= 0 && sig >= 0 && sig > start) {
               sig += sigToken.length();
               byte[] forDigest = new byte[sig - start];
               System.arraycopy(data, start, forDigest, 0, sig - start);
               String digest = DigestUtils.shaHex(forDigest).toUpperCase();
               if (this.aw != null) {
                 this.aw.storeVote(data, validAfter, dirSource, digest,
                     serverDescriptorDigests);
       ...
 }}}


 Which is correct?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20287>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list