Opened 2 years ago

Closed 2 years ago

#15004 closed enhancement (implemented)

Hidden service descriptor parsing

Reported by: atagar
Owned by: atagar
Priority: High
Component: Core Tor/Stem
Keywords: descriptor

Description

Months ago asn asked us for this but I said 'not until tor provides a way of actually... well, getting it'. With #14847 this is now becoming a thing so it's time stem provided a parser.

David, would you mind adding an example to this ticket for what a hs descriptor in the wild looks like? I'll use it for stem's unit test.

Attachments (4)

facebookcorewwwi_descriptor.txt (3.2 KB) - added by donncha 2 years ago.
Facebookcorewwwi.onion HS Descriptor
tor-hs-descriptor-calculate.py (6.2 KB) - added by donncha 2 years ago.
Snippets of code for calculating Tor hidden service descriptor values
tor-hs-descriptor-calculate.2.py (16.3 KB) - added by donncha 2 years ago.
HS descriptor data calculation with decryption of encrypted introduction points
0001-Use-different-hex-conversion-method-which-does-not-r.patch (1.7 KB) - added by cypherpunks 2 years ago.

Change History (24)

Changed 2 years ago by donncha

Facebookcorewwwi.onion HS Descriptor

comment:1 in reply to: ↑ description Changed 2 years ago by dgoulet

Replying to atagar:

Months ago asn asked us for this but I said 'not until tor provides a way of actually... well, getting it'. With #14847 this is now becoming a thing so it's time stem provided a parser.

David, would you mind adding an example to this ticket for what a hs descriptor in the wild looks like? I'll use it for stem's unit test.

Here it is, a duckduckgo hs descriptor (3g2upl4pq6kufc4m.onion)

The "introduction-points" part is base64 encoded.

rendezvous-service-descriptor y3olqqblqw2gbh6phimfuiroechjjafa
version 2
permanent-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAJ/SzzgrXPxTlFrKVhXh3buCWv2QfcNgncUpDpKouLn3AtPH5Ocys0jE
aZSKdvaiQ62md2gOwj4x61cFNdi05tdQjS+2thHKEm/KsB9BGLSLBNJYY356bupg
I5gQozM65ENelfxYlysBjJ52xSDBd8C4f/p9umdzaaaCmzXG/nhzAgMBAAE=
-----END RSA PUBLIC KEY-----
secret-id-part e24kgecavwsznj7gpbktqsiwgvngsf4e
publication-time 2015-02-23 20:00:00
protocol-versions 2,3
introduction-points
-----BEGIN MESSAGE-----
-----END MESSAGE-----
signature
-----BEGIN SIGNATURE-----
VKMmsDIUUFOrpqvcQroIZjDZTKxqNs88a4M9Te8cR/ZvS7H2nffv6iQs0tom5X4D
4Dy4iZiy+pwYxdHfaOxmdpgMCRvgPb34MExWr5YemH0QuGtnlp5Wxr8GYaAQVuZX
cZjQLW0juUYCbgIGdxVEBnlEt2rgBSM9+1oR7EAfV1U=
-----END SIGNATURE-----

comment:2 Changed 2 years ago by atagar

Thanks! Threw together a quick parser in my hidden_service_descriptor branch...

https://gitweb.torproject.org/user/atagar/stem.git/commit/?id=fb46630

Bits remaining are...

  • Support the introduction-points field. It's a bit special.
  • Issue tickets for some of these 'TODO' notes.
  • Unit tests for malformed content.
  • Validate that the signature matches the descriptor content.

comment:3 Changed 2 years ago by atagar

Hi all. I've added introductory-points support, filed #15009 (@type for these documents), and #15010 (rend-spec clarifications).

At this point ball's back in your court. To proceed I need an example of a hidden service descriptor that has an encrypted introductory-points, and the cookie to decrypt it. Bonus points if you also have a python snippet that exemplifies how to decrypt it. :)

Thanks! -Damian

comment:4 Changed 2 years ago by donncha

I've fetched a HS descriptor which is encrypted with basic authentication, and one which is using stealth authentication:

# Basic Authentication
rendezvous-service-descriptor yfmvdrkdbyquyqk5vygyeylgj2qmrvrd
version 2
permanent-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBANHC3bZRrlFFlSu22u18wBG57JpvIhglJE+u0ctMwTnw6iyJJqqxgU6U
R1gnXJlorQYDC5eHoM8nbBJu7LvUjYnqINz+En+FlpZhT+eqLk0v83IB4r0Fd6Bg
ypYLygEXUfh0bwHwYfF4mkvl6YOB6I6G5jHC46I3LH15qrdHW40FAgMBAAE=
-----END RSA PUBLIC KEY-----
secret-id-part fluw7z3s5cghuuirq3imh5jjj5ljips6
publication-time 2015-02-24 20:00:00
protocol-versions 2,3
introduction-points
-----BEGIN MESSAGE-----
-----END MESSAGE-----
signature
-----BEGIN SIGNATURE-----
mhGQNtyvf5QqeFrn1SNzdp8wN5bhEH5gxZhST5t4pFxxNCv3//ZgaQ83kIzcwex9
xzgGREFHpTrqVPXXs8nZZgMpmnhWuloAyT1c3HSCvjnbWXX9Y82wPbVV5OYx1CYb
jLides7vbdQuS0UwEkcGMl62Ripwi0pkesgw9ZvJy+k=
-----END SIGNATURE-----

# Stealth Authentication
rendezvous-service-descriptor ubf3xeibzlfil6s4larq6y5peup2z3oj
version 2
permanent-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAL1f7GdEObH+xMhf4GsaTCtfVH7ZpanegC65jn0/Kz9wlkpF+SQdIvTu
Ha2iZB34GDT2PvTy98chSxz+E3Kv2h45pQWbrwLN3Fj4qa+klclIXWcIa7GT4Pct
YZzAvHIh9t9EAe6ejYu8I+h4yL6QNAA2bYOi1d66+qCNCAFBgAqpAgMBAAE=
-----END RSA PUBLIC KEY-----
secret-id-part jczvydhzetbpdiylj3d5nsnjvaigs7xm
publication-time 2015-02-24 20:00:00
protocol-versions 2,3
introduction-points
-----BEGIN MESSAGE-----
-----END MESSAGE-----
signature
-----BEGIN SIGNATURE-----
c8HgXcZesCwAzgDlE3kRYsq059yCIE7MH7r2jBHqJVYPRrtm/HF/mTUykwFPzwsY
ulcuoNlPfgGMKS8qBL4kFVZ9uR2Y6P4zLchoVS6wjL+cNYOQfeQs3sNZkiIrOjbb
590tr1/yrt0qUtITGhUGhBZVs9gvkuqaThTIXleEseI=
-----END SIGNATURE-----

Here are the keys for that hidden service:

# Basic Auth Hostname
xpe5atmz5d26k26e.onion dCmx3qIvArbil8A0KM4KgQ # client: admin

# Stealth Auth Hostname
tosbmbgysyldansp.onion dCmx3qIvArbil8A0KM4KgR # client: admin

# Stealth Auth Client Keys
client-name admin
descriptor-cookie dCmx3qIvArbil8A0KM4KgQ==
client-key
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

comment:5 follow-up: Changed 2 years ago by atagar

Fantastic, thanks! I'll look into finishing HS descriptor support and merging this next weekend. :P

Changed 2 years ago by donncha

Snippets of code for calculating Tor hidden service descriptor values

comment:6 in reply to: ↑ 5 Changed 2 years ago by donncha

Replying to atagar:

Fantastic, thanks! I'll look into finishing HS descriptor support and merging this next weekend. :P

I've added some code for calculating the HS descriptors fields, hopefully it helps if you haven't got around to figuring it out yet!

comment:7 Changed 2 years ago by atagar

  • Keywords descriptor added

comment:8 Changed 2 years ago by atagar

Gonna show some naivety but tried decrypting the introduction-points in the basic auth example. Can you spot what I'm doing wrong?

import base64

from Crypto.Cipher import AES

INTRODUCTION_POINTS = """\
"""

BASIC_AUTH_KEY = "dCmx3qIvArbil8A0KM4KgQ=="

introduction_points_content = base64.b64decode(''.join(INTRODUCTION_POINTS.split('\n')))

input_vector = introduction_points_content[:16]
cipher = AES.new(base64.b64decode(BASIC_AUTH_KEY), AES.MODE_CTR, counter = lambda: input_vector)
print cipher.decrypt(introduction_points_content[16:])

comment:9 Changed 2 years ago by atagar

I went ahead and merged support for hidden service descriptors. Like server descriptors, we validate our signature's integrity if pycrypto is available.

This does not yet support encrypted introduction-points, help or a patch would be appreciated for that.

comment:10 Changed 2 years ago by atagar

Snippets of code for calculating Tor hidden service descriptor values

The onion address isn't part of the descriptor, but other than that I suspect it would be nice to add some of those checks to our unit tests or validation. Patch welcome. :P
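
One check of the kind suggested above, as an added example (not donncha's attachment and not stem's code): it recomputes the descriptor id of the descriptor from comment:1 from its permanent-key and secret-id-part, and derives the onion address from the key alone. The hashing rules are the v2 rend-spec ones as assumed here, and the function names are hypothetical.

```python
import base64
import hashlib

# Trimmed copy of the descriptor posted in comment:1 (only the fields used here).
DESCRIPTOR = """\
rendezvous-service-descriptor y3olqqblqw2gbh6phimfuiroechjjafa
permanent-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAJ/SzzgrXPxTlFrKVhXh3buCWv2QfcNgncUpDpKouLn3AtPH5Ocys0jE
aZSKdvaiQ62md2gOwj4x61cFNdi05tdQjS+2thHKEm/KsB9BGLSLBNJYY356bupg
I5gQozM65ENelfxYlysBjJ52xSDBd8C4f/p9umdzaaaCmzXG/nhzAgMBAAE=
-----END RSA PUBLIC KEY-----
secret-id-part e24kgecavwsznj7gpbktqsiwgvngsf4e
"""


def parse_fields(text):  # -> (descriptor_id, key_der, secret_id_part)
    lines = text.splitlines()
    values = {}
    for keyword in ("rendezvous-service-descriptor", "secret-id-part"):
        found = [l.split(" ", 1)[1].strip() for l in lines if l.startswith(keyword + " ")]
        if len(found) != 1:
            raise ValueError("expected exactly one %r line" % keyword)
        values[keyword] = found[0]
    try:
        start = lines.index("-----BEGIN RSA PUBLIC KEY-----")
        end = lines.index("-----END RSA PUBLIC KEY-----", start)
        key_der = base64.b64decode("".join(lines[start + 1:end]), validate=True)
    except ValueError as exc:  # missing armor, or binascii.Error from bad base64
        raise ValueError("malformed permanent-key block: %s" % exc)
    return values["rendezvous-service-descriptor"], key_der, values["secret-id-part"]


def b32(data):
    return base64.b32encode(data).decode("ascii").lower()


def permanent_id(key_der):  # assumed v2 rule: first 80 bits of SHA-1 over the DER key
    return hashlib.sha1(key_der).digest()[:10]


def descriptor_id_is_consistent(text):
    descriptor_id, key_der, secret_id_part = parse_fields(text)
    secret = base64.b32decode(secret_id_part.upper())  # ValueError if not base32
    expected = hashlib.sha1(permanent_id(key_der) + secret).digest()
    return b32(expected) == descriptor_id


def onion_address(text):
    return b32(permanent_id(parse_fields(text)[1]))
```
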

comment:11 Changed 2 years ago by donncha

Nice work on getting the hidden service descriptor parsing merged into stem. I've implemented the decryption of basic and stealth type encrypted introduction points. The updated code is on Github and I have attached it to the ticket. Hope that helps!

Changed 2 years ago by donncha

HS descriptor data calculation with decryption of encrypted introduction points

comment:12 Changed 2 years ago by atagar

Perfect! Thanks, I'll give this a shot over the weekend.

comment:13 follow-up: Changed 2 years ago by atagar

Support for encrypted introduction-points added, thanks donncha! Think we're all done here so now just waiting for the controller method in #14847.

One additional piece of test data I'd appreciate is a hidden service descriptor that's encrypted but has service-authentication lines.

According to the spec the descriptor can have encrypted introduction-points prefixed with those lines in plaintext. Our present implementation should support that but presently we lack any test coverage for it. This is kinda odd behavior so it would be a good thing to have a test for.

comment:14 Changed 2 years ago by donncha

Perfect! I've just had a look at the code and it doesn't look like the 'service-authentication' field is actually implemented in Tor. Is this an out-of-date reference in the rend-spec? Was 'service-authentication' implemented in tor previously?

# grep -R 'service-authentication' tor/*
#

comment:15 Changed 2 years ago by atagar

Interesting! Shot Nick a ticket to check: #15190

comment:16 in reply to: ↑ 13 Changed 2 years ago by cypherpunks

Replying to atagar:

Support for encrypted introduction-points added, thanks donncha! Think we're all done here so now just waiting for the controller method in #14847.

The commit fails on two unit tests on Python 3.

python3 ./run_tests.py --unit --test test.unit.descriptor.hidden_service_descriptor.test_with_basic_auth
python3 ./run_tests.py --unit --test test.unit.descriptor.hidden_service_descriptor.test_with_stealth_auth

Both tests raise TypeErrors caused by the hex conversion going wrong. The patch uses a different method for hex conversion which does not raise TypeErrors.

comment:17 Changed 2 years ago by atagar

Thanks cypherpunks! Fixed.

comment:18 Changed 2 years ago by cypherpunks

The raised DecryptionFailure on ValueError still misses some slicing. The patch would be:

diff --git a/stem/descriptor/hidden_service_descriptor.py b/stem/descriptor/hidden_service_descriptor.py
index 8c3ce7d..b0a9551 100644
--- a/stem/descriptor/hidden_service_descriptor.py
+++ b/stem/descriptor/hidden_service_descriptor.py
@@ -317,7 +317,7 @@ class HiddenServiceDescriptor(Descriptor):
     try:
       client_blocks = int(binascii.hexlify(content[1:2]), 16)
     except ValueError:
-      raise DecryptionFailure("When using basic auth the content should start with a number of blocks but wasn't a hex digit: %s" % binascii.hexlify(content[1]))
+      raise DecryptionFailure("When using basic auth the content should start with a number of blocks but wasn't a hex digit: %s" % binascii.hexlify(content[1:2]))
 
     # parse the client id and encrypted session keys
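
Review bot: the `except ValueError` branch in this hunk is reachable only when `content[1:2]` is empty, because `binascii.hexlify()` always returns hex digits that `int(..., 16)` accepts, so the message "wasn't a hex digit: %s" will always interpolate an empty value (shown as `b''` on Python 3). Consider checking `len(content) < 2` before the `try` and raising DecryptionFailure with a "content too short" message, and decoding the `hexlify()` result before formatting it so the text reads the same on Python 2 and 3.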

comment:19 Changed 2 years ago by atagar

Good catch! Thanks, fixed.
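
The basic-auth layout that the function patched in comment:18 starts to parse, as an added example (not stem's code): it splits the decoded introduction-points into client entries, IV and ciphertext, then looks up the entry for a descriptor cookie. The field sizes and the client-id rule follow the v2 rend-spec as assumed here; the blob is constructed, the names are hypothetical, and the AES-CTR steps that follow the lookup are left out so only the standard library is needed.

```python
import base64
import hashlib

ID_LEN, KEY_LEN, IV_LEN = 4, 16, 16   # client id, encrypted session key, IV (assumed sizes)
ENTRY_LEN = ID_LEN + KEY_LEN
COOKIE = "dCmx3qIvArbil8A0KM4KgQ=="   # descriptor-cookie posted in comment:4


class MalformedContent(ValueError):
    pass


def split_basic_auth(content):
    """Split decoded introduction-points bytes into (entries, iv, ciphertext)."""
    if len(content) < 2:
        raise MalformedContent("need auth-type and block-count bytes, got %d" % len(content))
    if content[0:1] != b"\x01":
        raise MalformedContent("auth type 0x%s is not basic auth" % content[0:1].hex())
    # Slice, don't index: content[1] is an int on Python 3 and a str on Python 2.
    blocks = int.from_bytes(content[1:2], "big")
    entries_len = blocks * 16 * ENTRY_LEN
    if len(content) < 2 + entries_len + IV_LEN:
        raise MalformedContent("truncated: %d client block(s) declared" % blocks)
    raw = content[2:2 + entries_len]
    entries = {raw[i:i + ID_LEN]: raw[i + ID_LEN:i + ENTRY_LEN]
               for i in range(0, entries_len, ENTRY_LEN)}
    iv = content[2 + entries_len:2 + entries_len + IV_LEN]
    return entries, iv, content[2 + entries_len + IV_LEN:]


def find_session_key(content, cookie_b64):
    """Return (encrypted_session_key, iv, ciphertext) for this cookie, or None."""
    entries, iv, ciphertext = split_basic_auth(content)
    client_id = hashlib.sha1(base64.b64decode(cookie_b64) + iv).digest()[:ID_LEN]
    if client_id not in entries:
        return None  # no entry for this client; decryption cannot proceed
    return entries[client_id], iv, ciphertext


def build_sample(cookie_b64):
    """Constructed blob (not real data): one block of 16 entries, ours in slot 5."""
    iv = bytes(range(IV_LEN))
    ours = hashlib.sha1(base64.b64decode(cookie_b64) + iv).digest()[:ID_LEN]
    entries = [ours + b"K" * KEY_LEN if n == 5 else bytes([n]) * ENTRY_LEN
               for n in range(16)]
    return b"\x01\x01" + b"".join(entries) + iv + b"ciphertext-placeholder"
```
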

comment:20 Changed 2 years ago by atagar

  • Resolution set to implemented
  • Status changed from new to closed

Wonder why I left this open. This is now a thing, resolving.
