[tor-commits] [stem/master] Inner layer creation and encryption
atagar at torproject.org
atagar at torproject.org
Sun Nov 17 23:40:39 UTC 2019
commit 41f8a42a9e8735513b72d9ba3f6a5c11acf02943
Author: Damian Johnson <atagar at torproject.org>
Date: Mon Nov 11 15:32:55 2019 -0800
Inner layer creation and encryption
InnerLayer creation, encryption, and test. While _get_superencrypted_blob()
provided a great demo, it was limited to just introduction points. Now we'll
support anything the layer does.
---
stem/descriptor/__init__.py | 2 +-
stem/descriptor/hidden_service.py | 41 +++++++++++++++++++++++---
test/unit/descriptor/hidden_service_v3.py | 48 +++++++++++++++++++++++++++++++
3 files changed, 86 insertions(+), 5 deletions(-)
diff --git a/stem/descriptor/__init__.py b/stem/descriptor/__init__.py
index 3a3d1838..862d5aca 100644
--- a/stem/descriptor/__init__.py
+++ b/stem/descriptor/__init__.py
@@ -975,7 +975,7 @@ class Descriptor(object):
:returns: **bytes** for the descriptor's contents
"""
- return self._raw_contents
+ return stem.util.str_tools._to_bytes(self._raw_contents)
def get_unrecognized_lines(self):
"""
diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index 141f54b0..fcd29032 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -920,14 +920,14 @@ def _get_middle_descriptor_layer_body(encrypted):
b'%s' % (fake_pub_key_bytes_b64, fake_clients, encrypted)
-def _get_superencrypted_blob(intro_points, descriptor_signing_privkey, revision_counter, blinded_key, subcredential):
+def _get_superencrypted_blob(intro_points, revision_counter, blinded_key, subcredential):
"""
Get the superencrypted blob (which also includes the encrypted blob) that
should be attached to the descriptor
"""
- inner_descriptor_layer = stem.util.str_tools._to_bytes('create2-formats 2\n' + '\n'.join(map(IntroductionPointV3.encode, intro_points)) + '\n')
- inner_ciphertext_b64 = b'encrypted\n' + _encrypt_layer(inner_descriptor_layer, b'hsdir-encrypted-data', revision_counter, subcredential, blinded_key)
+ inner_layer = InnerLayer.create(introduction_points = intro_points)
+ inner_ciphertext_b64 = b'encrypted\n' + inner_layer.encrypt(revision_counter, blinded_key, subcredential)
middle_descriptor_layer = _get_middle_descriptor_layer_body(inner_ciphertext_b64)
@@ -1042,7 +1042,7 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
# this descriptor object so that we don't have to carry them around
# functions and instead we could use e.g. self.descriptor_signing_public_key
# But because this is a @classmethod this is not possible :/
- superencrypted_blob = _get_superencrypted_blob(intro_points, signing_key, revision_counter_int, blinded_pubkey_bytes, subcredential)
+ superencrypted_blob = _get_superencrypted_blob(intro_points, revision_counter_int, blinded_pubkey_bytes, subcredential)
desc_content = _descriptor_content(attr, exclude, (
('hs-descriptor', '3'),
@@ -1281,6 +1281,24 @@ class InnerLayer(Descriptor):
plaintext = _decrypt_layer(outer_layer.encrypted, b'hsdir-encrypted-data', revision_counter, subcredential, blinded_key)
return InnerLayer(plaintext, validate = True, outer_layer = outer_layer)
+ @classmethod
+ def content(cls, attr = None, exclude = (), sign = False, introduction_points = None):
+ if sign:
+ raise NotImplementedError('Signing of %s not implemented' % cls.__name__)
+
+ if introduction_points:
+ suffix = '\n' + '\n'.join(map(IntroductionPointV3.encode, introduction_points))
+ else:
+ suffix = ''
+
+ return _descriptor_content(attr, exclude, (
+ ('create2-formats', '2'),
+ )) + suffix
+
+ @classmethod
+ def create(cls, attr = None, exclude = (), validate = True, sign = False, introduction_points = None):
+ return cls(cls.content(attr, exclude, sign, introduction_points), validate = validate)
+
def __init__(self, content, validate = False, outer_layer = None):
super(InnerLayer, self).__init__(content, lazy_load = not validate)
self.outer = outer_layer
@@ -1304,6 +1322,21 @@ class InnerLayer(Descriptor):
else:
self._entries = entries
+ def encrypt(self, revision_counter, blinded_key, subcredential):
+ """
+ Encrypts into the content contained within the OuterLayer.
+
+ :param int revision_counter: descriptor revision number
+ :param bytes blinded_key: descriptor signing key
+ :param bytes subcredential: public key hash
+
+ :returns: base64 encoded content of the outer layer's 'encrypted' field
+ """
+
+ if not stem.prereq.is_crypto_available(ed25519 = True):
+ raise ImportError('Hidden service descriptor encryption requires cryptography version 2.6')
+
+ return _encrypt_layer(self.get_bytes(), b'hsdir-encrypted-data', revision_counter, subcredential, blinded_key)
# TODO: drop this alias in stem 2.x
diff --git a/test/unit/descriptor/hidden_service_v3.py b/test/unit/descriptor/hidden_service_v3.py
index 163ea3db..f6173768 100644
--- a/test/unit/descriptor/hidden_service_v3.py
+++ b/test/unit/descriptor/hidden_service_v3.py
@@ -28,6 +28,12 @@ from test.unit.descriptor import (
)
try:
+ # added in python 2.7
+ from collections import OrderedDict
+except ImportError:
+ from stem.util.ordereddict import OrderedDict
+
+try:
# added in python 3.3
from unittest.mock import patch, Mock
except ImportError:
@@ -284,6 +290,48 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
reparsed = IntroductionPointV3.parse(intro_point.encode())
self.assertEqual(intro_point, reparsed)
+ def test_inner_layer_creation(self):
+ """
+ Internal layer creation.
+ """
+
+ # minimal layer
+
+ self.assertEqual('create2-formats 2', InnerLayer.content())
+ self.assertEqual([2], InnerLayer.create().formats)
+
+ # specify their only mandatory parameter (formats)
+
+ self.assertEqual('create2-formats 1 2 3', InnerLayer.content({'create2-formats': '1 2 3'}))
+ self.assertEqual([1, 2, 3], InnerLayer.create({'create2-formats': '1 2 3'}).formats)
+
+ # include optional parameters
+
+ desc = InnerLayer.create(OrderedDict((
+ ('intro-auth-required', 'ed25519'),
+ ('single-onion-service', ''),
+ )))
+
+ self.assertEqual([2], desc.formats)
+ self.assertEqual(['ed25519'], desc.intro_auth)
+ self.assertEqual(True, desc.is_single_service)
+ self.assertEqual([], desc.introduction_points)
+
+ # include introduction points
+
+ desc = InnerLayer.create(introduction_points = [
+ IntroductionPointV3.create('1.1.1.1', 9001),
+ IntroductionPointV3.create('2.2.2.2', 9001),
+ IntroductionPointV3.create('3.3.3.3', 9001),
+ ])
+
+ self.assertEqual(3, len(desc.introduction_points))
+ self.assertEqual('1.1.1.1', desc.introduction_points[0].link_specifiers[0].address)
+
+ self.assertTrue(InnerLayer.content(introduction_points = [
+ IntroductionPointV3.create('1.1.1.1', 9001),
+ ]).startswith('create2-formats 2\nintroduction-point AQAGAQEBASMp'))
+
@test.require.ed25519_support
def test_encode_decode_descriptor(self):
"""
More information about the tor-commits
mailing list