Opened 13 months ago

Last modified 4 months ago

#22817 needs_revision enhancement

SAFECOOKIE description in control spec does not have verifiable test vectors

Reported by: amphetamine
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-spec, 033-triage-20180320, 033-removed-20180320
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

The SAFECOOKIE documentation in https://gitweb.torproject.org/torspec.git/tree/control-spec.txt describes the hashing process, but doesn't provide verifiable sample input/output pairs that would be hugely helpful for implementing it.

I worked around this by using the server hash reported by the Tor server and access to the Stem code to verify the expected inputs and outputs, but this is a lot of extra overhead beyond the spec document.

A possible example of useful information:

example server hash: F917E3B73CBEDC66A85EBD60F25E100552B89645FDEC87D69E9BD4E81E25B604
example server nonce: F8B52E3424733A4081FCCD2A64FC9C67F0FD3A9639C1E09D5558C3B4B9B973E1
example client nonce: 3b
example client hash: c6213ce626df95c1b5f5c0b4fe77c8ff1a05c7fd7f5e5a9843d2b4d009b5d340

The above vectors should be decoded to bytes and input to an HMAC initialized with the appropriate server-to-controller initialization key described in this spec to produce a matching hex string as provided by the Tor process in its AUTHCHALLENGE reply. The same vectors should also be decoded to bytes and input to an HMAC initialized with the appropriate controller-to-server initialization key described in this spec to produce the client hash.

Change History (9)

comment:1 Changed 13 months ago by arma

Component: - Select a component → Core Tor/Tor
Keywords: torspec added

comment:2 Changed 13 months ago by arma

Keywords: tor-spec added; torspec removed

switch to tor-spec keyword like most tickets seem to use

comment:3 Changed 13 months ago by teor

Milestone: Tor: 0.3.2.x-final
Status: new → needs_revision

Let's treat the text after "A possible example of useful information:" as a draft patch and add it to torspec in an appendix, and then reference that appendix in the sections for each of the commands that are used.

Here's how I would revise it:

  • provide an example session transcript with commands, so it's clear which commands correspond to which test vectors

Here's how I would test it:

  • run it through at least two existing implementations

comment:4 Changed 13 months ago by amphetamine

Here's a Python session transcript:

python
Python 2.7.12 (default, Nov 19 2016, 06:48:10) 
[GCC 5.4.0 20160609] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import stem.util.connection
>>> import binascii
>>> 
>>> expected_server_hash = "f97294895a4c9b3fe04c390f1b3bcda886e54501220726e075140ff636fe0d91"
>>> expected_client_hash = "02b6f2e708dffb47efcddbfdc08d24d3f9f87bb416a057b4cf5e553e56125bbb"
>>> client_nonce = "f0"
>>> server_nonce = "65634AA3D089F94AD841DF2F35685CCD6666086CB674D5E9DE2D516BD2E7318B"
>>> cookie = "7aab85f16613633d115be5ea6722b5e0527ae72100bfb0fd64fb5b15a8fcde4b"
>>> CLIENT_HASH_CONSTANT = "Tor safe cookie authentication controller-to-server hash"
>>> SERVER_HASH_CONSTANT = "Tor safe cookie authentication server-to-controller hash"
>>> 
>>> server_hash = stem.util.connection._hmac_sha256(SERVER_HASH_CONSTANT, binascii.unhexlify(cookie + client_nonce + server_nonce)).encode('hex')
>>> client_hash = stem.util.connection._hmac_sha256(CLIENT_HASH_CONSTANT, binascii.unhexlify(cookie + client_nonce + server_nonce)).encode('hex')
>>> 
>>> expected_server_hash == server_hash
True
>>> expected_client_hash == client_hash
True

There are also passing tests for a Rust implementation starting here: https://gitlab.com/amphetamine/puccinia/blob/master/src/authentication.rs#L218

I used those tests to generate the above vectors used in Stem, so that should at least corroborate the two together.
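
Added example, not part of the ticket or of Stem: a Python 3 standard-library check of the comment:4 vectors, written as the controller-side verification of the server hash from the AUTHCHALLENGE reply. The function and constant names are assumptions made for this example; the HMAC keys and hex values are the ones posted in the transcript above.

```python
import hashlib
import hmac

# HMAC keys, copied from the constants in the comment:4 transcript.
SERVER_KEY = b"Tor safe cookie authentication server-to-controller hash"
CLIENT_KEY = b"Tor safe cookie authentication controller-to-server hash"

# Vectors from the comment:4 transcript (hex, as posted there).
COOKIE = "7aab85f16613633d115be5ea6722b5e0527ae72100bfb0fd64fb5b15a8fcde4b"
CLIENT_NONCE = "f0"
SERVER_NONCE = "65634AA3D089F94AD841DF2F35685CCD6666086CB674D5E9DE2D516BD2E7318B"
EXPECTED_SERVER_HASH = "f97294895a4c9b3fe04c390f1b3bcda886e54501220726e075140ff636fe0d91"
EXPECTED_CLIENT_HASH = "02b6f2e708dffb47efcddbfdc08d24d3f9f87bb416a057b4cf5e553e56125bbb"


def safecookie_hash(key, cookie_hex, client_nonce_hex, server_nonce_hex):
    """HMAC-SHA256 over cookie || client nonce || server nonce, as lowercase hex."""
    msg = bytes.fromhex(cookie_hex + client_nonce_hex + server_nonce_hex)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def server_hash_ok(cookie_hex, client_nonce_hex, server_nonce_hex, reported_hex):
    """Controller-side check of the hash reported in the AUTHCHALLENGE reply."""
    expected = safecookie_hash(SERVER_KEY, cookie_hex, client_nonce_hex, server_nonce_hex)
    # The ticket's vectors mix upper- and lower-case hex, so normalise case,
    # then compare in constant time rather than with ==.
    return hmac.compare_digest(expected, reported_hex.lower())


def check_posted_vectors():
    """Return (server_matches, client_matches) for the comment:4 vectors."""
    server_ok = server_hash_ok(COOKIE, CLIENT_NONCE, SERVER_NONCE, EXPECTED_SERVER_HASH)
    client = safecookie_hash(CLIENT_KEY, COOKIE, CLIENT_NONCE, SERVER_NONCE)
    return server_ok, hmac.compare_digest(client, EXPECTED_CLIENT_HASH.lower())


if __name__ == "__main__":
    print("server hash, client hash match:", check_posted_vectors())
```

The two hashes differ only in the HMAC key, so a controller that swaps the constants will compute a valid-looking digest that fails this check.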

comment:5 Changed 11 months ago by nickm

Can we put this information into a unified diff to make it easy to merge?

comment:6 Changed 10 months ago by nickm

Milestone: Tor: 0.3.2.x-final → Tor: 0.3.3.x-final

We can still take this in 0.3.2, if you turn it into a patch.

comment:7 Changed 4 months ago by nickm

Keywords: 033-triage-20180320 added

Marking all tickets reached by current round of 033 triage.

comment:8 Changed 4 months ago by nickm

Keywords: 033-removed-20180320 added

Mark all not-already-included tickets as pending review for removal from 0.3.3 milestone.

comment:9 Changed 4 months ago by nickm

Milestone: Tor: 0.3.3.x-final → Tor: unspecified

These tickets were marked as removed, and nobody has said that they can fix them. Let's remember to look at 033-removed-20180320 as we re-evaluate our triage process, to see whether we're triaging out unnecessarily, and to evaluate whether we're deferring anything unnecessarily. But for now, we can't do these: we need to fix the 033-must stuff now.
