Implement verification of server descriptor
We need to implement is_valid() method of stem.descriptor.server_descriptor.RelayDescriptor ![1] , to do some verifications on the descriptor:
-
a contained fingerprint is actually a hash of the signing key and
-
a router signature was created using the signing key.
There's already Java code for doing this in metrics-tasks 2. However, the Java code is a standalone test, while stem's implementation is self-contained within the descriptor.
We need some ssl library to read the pem-format keys in descriptors, and M2Crypto seems to be the best choice 3. The problem with M2Crypto is that it requires SSL_v2 support from openssl, which is considered unsafe thus excluded from recent Ubuntu releases, and possibly Debian 4. I don't know how many people run Tor in Ubuntu, and whether we should let users responsible for having a complete openssl library. It seems quite hard to work this around on Ubuntu .
[1]:https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/server_descriptor.py#l624
Trac:
Username: reganeet