[tor-dev] [tor-assistants] Python metrics-lib

Karsten Loesing karsten at torproject.org
Mon May 7 09:13:47 UTC 2012


On 5/6/12 3:36 AM, Damian Johnson wrote:
> First I'd like to make sure that I'm clear on what we're trying to do.
> The javadocs for VerifyDescriptors [1] says that it...
> 
>> Verify server descriptors using the contained signing key.  Verify that
>> 1) a contained fingerprint is actually a hash of the signing key and
>> 2) a router signature was created using the signing key.
>>
>> Verify consensuses using the separate certs.  Verify that
>> 1) the fingerprint in a cert is actually a hash of the identity key,
>> 2) a cert was signed using the identity key,
>> 3) a consensus was signed using the signing key from the cert.
> 
> Honestly I'm not yet sure what most of this means. The first #2 is
> simply checking that the descriptor content can be verified using the
> router-signature and signing-key, right?

Yup.  But you also need the first #1, or metrics-db could modify server
descriptors at will, put in its own key, and re-sign the descriptor with
that key, and stem would think everything's valid.

> If so then this sounds like a
> good place to start since it's entirely self-contained within the
> descriptor and just involves implementation and testing of...
> 
> https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/server_descriptor.py#l624

Sounds good.

For other descriptors than server descriptors, you may want to have a
similar method that accepts the signing key.  In the case of certs and
consensuses you'd have an is_valid() method for certs, a getter in the
cert class to obtain the signing key, and an is_valid(signing_key) in
the consensus class.

Best,
Karsten


More information about the tor-dev mailing list