-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When the ephemeral hs is initialized with an existing key ehs.private and ehs.hostname remains uninitialized #190
Comments
I added a main function to test the code you provided: import txtorcon
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from twisted.internet.defer import inlineCallbacks
from twisted.internet.task import react
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=1024,
backend=default_backend()
)
privkey = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()
)
privkey = privkey.replace('-----BEGIN RSA PRIVATE KEY-----', '')
privkey = privkey.replace('-----END RSA PRIVATE KEY-----', '')
privkey = privkey.replace('\n', '')
privkey = 'RSA1024:' + privkey
@react
@inlineCallbacks
def main(reactor):
tor = yield txtorcon.launch(reactor)
hs = txtorcon.EphemeralHiddenService(["80 127.0.0.1:8082"], privkey)
yield hs.add_to_tor(tor.protocol)
print hs.hostname
try:
print hs.private_key
except AttributeError:
pass
yield hs.remove_from_tor(tor.protocol) A part of this issue has been fixed in the current txtorcon version - it does "persist" the hostname, because that is returned by the The code persisting the private key in 464 if self._key_blob == 'NEW:BEST':
465 self.private_key = ans['PrivateKey'] Suggestions:
What do you think? |
Yes. And probably just checking for "NEW:" is most future-proof (e.g. as Tor adds new key types). Also, yes, persisting the private-key is a good idea. There are new, more-complete Onion APIs coming "soon" (the last stuff on the (Also, FWIW, the "new" APIs all use "onion" instead of "hidden") |
So, do you think that the more strict checks could be done in
Oh, great to hear that :) |
In general, I try to keep things "as future-proof as reasonable". So, I would prefer to just take This gives a good experience to users even if they're using an "older" txtorcon against a new (or unreleased) Tor. Also, I really try to avoid encoding any knowledge of Tor's version into txtorcon -- there's only one obscure exception to this right now. Similarly: using "GETINFO" to discover what SETCONF options are available -- this works with any Tor version and avoids txtorcon having to know anything at all about Tor's specific options. |
Hmmm very interesting! Makes a lot of sense. Thanks for the explanation :) Do you think the length check in |
Yeah, the length check probably violates my own "rules" as stated above ;) |
Oh, it auto-closes it. Hmm, well this is on master now but not yet released. |
this is in 0.19.2 |
Right now when the when the ephemeral hs is initialized with an existing key ehs.private and ehs.hostname remains uninitialized.
In order to reproduce and unit tests the fix the following code could be used:
it will be then possible to verify that when the callbacks are resolved hs.private_key and hs.hostname will be still undefined resulting in a KeyError if one access them.
The text was updated successfully, but these errors were encountered: