Opened 5 months ago

Last modified 9 days ago

#26698 needs_review enhancement

Authorities should put a hash of the bandwidth file in their votes

Reported by: teor Owned by:
Priority: Low Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-crypto tor-dirauth tor-bwauth
Cc: Actual Points:
Parent ID: #27047 Points:
Reviewer: teor Sponsor:

Description

After #3723 is completed, authorities will list the bandwidth file headers in their votes.
After #21377 is completed, they will make bandwidth files available at a standard URL.

But if we want to cryptographically verify the exact bandwidth file that was used in a vote, we need to put a hash of the file in the vote. Let's do it in an extensible way:

bandwidth-file hash-algo base64(hash(bandwidth-file-content))

Child Tickets

Ticket | Type | Status | Owner | Summary
#28359 | enhancement | closed | | Specify bandwidth-file-hash in torspec

Change History (19)

comment:1 Changed 5 months ago by asn

Keywords: tor-dirauth added

comment:2 Changed 4 months ago by teor

Parent ID: #27047

comment:3 Changed 5 weeks ago by juga

i wonder if we should add the hash to the bandwidth file name in sbws, similar to what is done with descriptors. Though then we would need to allow giving a directory or a file (to be compatible with older versions) in V3BandwidthsFile, and then adding (or reusing?) code to find the latest file parsing the date in it.

comment:4 in reply to:  3 ; Changed 5 weeks ago by teor

Replying to juga:

> i wonder if we should add the hash to the bandwidth file name in sbws, similar to what is done with descriptors. Though then we would need to allow giving a directory or a file (to be compatible with older versions) in V3BandwidthsFile, and then adding (or reusing?) code to find the latest file parsing the date in it.

We could add this feature if we want, but I think it would make the tor code much more complicated. If you want to add it, let's open a separate ticket.

This ticket is about verifying the bandwidth file that was used in a vote.

comment:5 Changed 5 weeks ago by juga

Status: new → needs_review

comment:6 in reply to:  4 Changed 5 weeks ago by juga

Replying to teor:

> Replying to juga:
>
> > i wonder if we should add the hash to the bandwidth file name in sbws, similar to what is done with descriptors. Though then we would need to allow giving a directory or a file (to be compatible with older versions) in V3BandwidthsFile, and then adding (or reusing?) code to find the latest file parsing the date in it.
>
> We could add this feature if we want, but I think it would make the tor code much more complicated.

i agree

> If you want to add it, let's open a separate ticket.
>
> This ticket is about verifying the bandwidth file that was used in a vote.

not doing it so far cause the reason above

comment:7 Changed 5 weeks ago by teor

If collector is going to use hexadecimal for the bandwidth file hash, we should use hexadecimal in the votes. I asked karsten here:
https://trac.torproject.org/projects/tor/ticket/21378#comment:17

comment:8 in reply to:  7 ; Changed 5 weeks ago by juga

Replying to teor:

> If collector is going to use hexadecimal for the bandwidth file hash, we should use hexadecimal in the votes. I asked karsten here:
> https://trac.torproject.org/projects/tor/ticket/21378#comment:17

i asked in IRC why we would encode the hash of a file in base 64 in a vote and i was told that we don't use raw bytes anymore.
Searching for "base64" in dir-spec.txt, gives several results, though i couldn't find a paragraph that would confirm that.

comment:9 in reply to:  8 Changed 5 weeks ago by teor

Replying to juga:

> Replying to teor:
>
> > If collector is going to use hexadecimal for the bandwidth file hash, we should use hexadecimal in the votes. I asked karsten here:
> > https://trac.torproject.org/projects/tor/ticket/21378#comment:17
>
> i asked in IRC why we would encode the hash of a file in base 64 in a vote and i was told that we don't use raw bytes anymore.

Directory documents never contain raw bytes.

> Searching for "base64" in dir-spec.txt, gives several results, though i couldn't find a paragraph that would confirm that.

Directory documents only contain printing ASCII characters:
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n193

Although we allow some other text encodings in the contact and platform lines.

comment:10 Changed 5 weeks ago by teor

We typically use hexadecimal or base64 to encode raw bytes in directory documents.

base64 is shorter, but it doesn't work in file names.

comment:11 Changed 5 weeks ago by teor

Karsten said that they don't mind.

Since it's only in a vote, we might use hex, so humans can look at the vote, and find the bandwidth file for the vote.

comment:12 Changed 5 weeks ago by juga

Should i then use hex? (and then change this ticket to revision)

comment:13 Changed 5 weeks ago by teor

Status: needs_review → needs_revision

Yes, let's use hex for the hash.

comment:14 Changed 5 weeks ago by juga

Keywords: tor-bwauth added
Status: needs_revision → needs_review

comment:15 Changed 5 weeks ago by teor

Status: needs_review → needs_revision

Based on the conversation in https://trac.torproject.org/projects/tor/ticket/21378#comment:26 , let's use base64-encoded SHA256.

I didn't review the code, but I did review the spec ticket.

comment:16 Changed 4 weeks ago by juga

Status: needs_revision → needs_review

comment:17 Changed 4 weeks ago by asn

Reviewer: mikeperry

comment:18 Changed 2 weeks ago by teor

Milestone: Tor: unspecified → Tor: 0.4.0.x-final

Putting this in 0.4.0, because it's a feature with code.

Hey mikeperry, do you have time to review this ticket this week?

comment:19 Changed 9 days ago by teor

Reviewer: mikeperry → teor

Taking over reviews from Mike, because he's busy with WTF-PAD.
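Added example, not code from this ticket, Tor or sbws: a checker for the line layout proposed in the description, using base64-encoded SHA256 as settled in comment 15, plus the hex form discussed for file names. The keyword `bandwidth-file`, the unpadded base64 and all function names are assumptions, and the sample file content is constructed.

```python
import base64
import binascii
import hashlib
import hmac

ALGOS = {"sha256": hashlib.sha256}   # comment 15 settles on SHA256
KEYWORD = "bandwidth-file"           # keyword as written in the description

# Constructed sample content, not a real bandwidth file.
SAMPLE = b"1541171221\nversion=1.2.0\n=====\nbw=760 node_id=$" + b"A" * 40 + b"\n"


def make_vote_line(content, algo="sha256"):
    """Line an authority would add to its vote, in the ticket's proposed layout."""
    digest = ALGOS[algo](content).digest()
    # Dropping the '=' padding is an assumption; parse_vote_line re-adds it.
    b64 = base64.b64encode(digest).decode("ascii").rstrip("=")
    return f"{KEYWORD} {algo} {b64}"


def parse_vote_line(line):
    """Return (algo, raw_digest); raise ValueError on a malformed line."""
    parts = line.split(" ")
    if len(parts) != 3 or parts[0] != KEYWORD:
        raise ValueError("not a bandwidth-file hash line")
    algo, encoded = parts[1], parts[2]
    if algo not in ALGOS:
        raise ValueError("unsupported hash algorithm: " + algo)
    try:
        raw = base64.b64decode(encoded + "=" * (-len(encoded) % 4), validate=True)
    except binascii.Error as exc:
        raise ValueError("digest is not valid base64") from exc
    if len(raw) != ALGOS[algo]().digest_size:
        raise ValueError("digest length does not match " + algo)
    return algo, raw


def verify_bandwidth_file(content, vote_line):
    """True only if content hashes to the digest committed to in the vote."""
    algo, expected = parse_vote_line(vote_line)
    return hmac.compare_digest(ALGOS[algo](content).digest(), expected)


def digest_for_filename(vote_line):
    """Hex form of the same digest: base64 may contain '/', hex is file-name safe."""
    return parse_vote_line(vote_line)[1].hex()
```

The digest length check also rejects a hex-encoded digest placed in the base64 field, which would otherwise decode without error.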
