user/atagar/stem, branch master Damian's stem repository Extrainfo descriptor transport lines fail validation 2020-03-05T01:56:56+00:00 Damian Johnson atagar@torproject.org 2020-03-05T01:49:09+00:00 7a0a8dd8d4218d5dabec3c2e47bebc4d1771236e Oops! Transport lines effectviely never appear aside from raw bridge descriptors (which we never see), so I didn't have a live example to test with. Now we have one. DocTor's descriptor validation check is failing with... 03/05/2020 00:35:33 [WARNING] Unable to retrieve the extrainfo descriptors: Transport line has a malformed address: transport obfs4 [2001:985:e77:5:fd34:f56b:c2d1:e98c]:10394 cert=dJ/a+vnP+eFv7FDaVUqWCVlyrqf8FlOva2YAEkDUwiGQuorZf4Oc6FXSdyn8b4pUmZj/WA,iat-mode=0 Caught thanks to GeKo. 
Oops! Transport lines effectviely never appear aside from raw bridge
descriptors (which we never see), so I didn't have a live example to
test with.

Now we have one. DocTor's descriptor validation check is failing with...

  03/05/2020 00:35:33 [WARNING] Unable to retrieve the extrainfo descriptors: Transport line has a malformed address: transport obfs4 [2001:985:e77:5:fd34:f56b:c2d1:e98c]:10394 cert=dJ/a+vnP+eFv7FDaVUqWCVlyrqf8FlOva2YAEkDUwiGQuorZf4Oc6FXSdyn8b4pUmZj/WA,iat-mode=0

Caught thanks to GeKo.
Drop complex version requirement class 2020-02-19T01:42:52+00:00 Damian Johnson atagar@torproject.org 2020-02-19T01:36:47+00:00 156c408fe033f30bf4c1a66bbb3f9bfade0b7b12 Removing a private class that supported version rule chains (for example, "check if I'm greater than 1.2.2 in the 1.2 series, or 1.3.5 in the 1.3 series"). This was only used for a single requirement check which has now been removed. We can always revive this class in the future if it's useful. 
Removing a private class that supported version rule chains (for example,
"check if I'm greater than 1.2.2 in the 1.2 series, or 1.3.5 in the 1.3
series"). This was only used for a single requirement check which has now
been removed.

We can always revive this class in the future if it's useful.
Drop tor event version constants 2020-02-19T01:42:23+00:00 Damian Johnson atagar@torproject.org 2020-02-19T01:32:50+00:00 55906cd95062d838f14620ed4f7e1f97aedbfaa4 I doubt anyone has ever used event versions from our Requirement constants. Retaining these within the event classes but dropping the clutter from our version module. 
I doubt anyone has ever used event versions from our Requirement constants.
Retaining these within the event classes but dropping the clutter from our
version module.
Consistently document when cryptography is required 2020-02-19T00:32:26+00:00 Damian Johnson atagar@torproject.org 2020-02-18T23:54:48+00:00 682fdf18ae921bde1cebb3514d794ca6e18ab9d5 Audited our library's cryptography imports for exception handling when unavailable, and consistently document when it's required. 
Audited our library's cryptography imports for exception handling when
unavailable, and consistently document when it's required.
Tests required sqlite3 2020-02-19T00:32:19+00:00 Damian Johnson atagar@torproject.org 2020-02-18T22:45:57+00:00 c4072bd1705e1996eecc3236995c26e9a3fbf8bd Python includes sqlite3 as a builtin, but when you compile python yourself it isn't included by default. Our stem.manual attempted to account for this but our tests didn't, and with python3 the module raises a ModuleNotFoundError rather than an ImportError. Traceback (most recent call last): File "/home/atagar/Desktop/stem/test/task.py", line 160, in _import_tests importlib.import_module(module.rsplit('.', 1)[0]) File "/home/atagar/Python-3.8.1/Lib/importlib/__init__.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "<frozen importlib._bootstrap>", line 1014, in _gcd_import File "<frozen importlib._bootstrap>", line 991, in _find_and_load File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 671, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 783, in exec_module File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed File "/home/atagar/Desktop/stem/test/unit/manual.py", line 8, in <module> import sqlite3 File "/home/atagar/Python-3.8.1/Lib/sqlite3/__init__.py", line 23, in <module> from sqlite3.dbapi2 import * File "/home/atagar/Python-3.8.1/Lib/sqlite3/dbapi2.py", line 27, in <module> from _sqlite3 import * ModuleNotFoundError: No module named '_sqlite3' 
Python includes sqlite3 as a builtin, but when you compile python yourself it
isn't included by default. Our stem.manual attempted to account for this but
our tests didn't, and with python3 the module raises a ModuleNotFoundError
rather than an ImportError.

  Traceback (most recent call last):
    File "/home/atagar/Desktop/stem/test/task.py", line 160, in _import_tests
      importlib.import_module(module.rsplit('.', 1)[0])
    File "/home/atagar/Python-3.8.1/Lib/importlib/__init__.py", line 127, in import_module
      return _bootstrap._gcd_import(name[level:], package, level)
    File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
    File "<frozen importlib._bootstrap>", line 991, in _find_and_load
    File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
    File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
    File "<frozen importlib._bootstrap_external>", line 783, in exec_module
    File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
    File "/home/atagar/Desktop/stem/test/unit/manual.py", line 8, in <module>
      import sqlite3
    File "/home/atagar/Python-3.8.1/Lib/sqlite3/__init__.py", line 23, in <module>
      from sqlite3.dbapi2 import *
    File "/home/atagar/Python-3.8.1/Lib/sqlite3/dbapi2.py", line 27, in <module>
      from _sqlite3 import *
  ModuleNotFoundError: No module named '_sqlite3'
Drop undocumented 'encoded' attribute from certificates 2020-02-18T00:49:57+00:00 Damian Johnson atagar@torproject.org 2020-02-18T00:42:27+00:00 657b8acf95c83ec3836039bf1844d9e55c607956 When an Ed25519Certificate was created through from_base64() we appended an undocumented 'encoded' attribute with the base64 content we were created from. Our to_base64() method computes the exact same thing. This attribute was only used in a single place for server descriptor validation. If 'encoded' and to_base64() mismatches that is a bug. Fiddling with these I cound't come up with a scenario where that is a case, so dropping the redundant attribute. Also merging _validate_server_desc_signing_key() into its sole caller. 
When an Ed25519Certificate was created through from_base64() we appended an
undocumented 'encoded' attribute with the base64 content we were created from.
Our to_base64() method computes the exact same thing.

This attribute was only used in a single place for server descriptor
validation.

If 'encoded' and to_base64() mismatches that is a bug. Fiddling with these I
cound't come up with a scenario where that is a case, so dropping the redundant
attribute.

Also merging _validate_server_desc_signing_key() into its sole caller.
Replace stem.prereq module 2020-02-17T23:53:51+00:00 Damian Johnson atagar@torproject.org 2020-02-17T01:19:52+00:00 75403ace36d39bc003955e5aec91b53c66c2e472 Our prereq module provides dependency checks, mostly for python versioning (now moot) and the cryptography module. It is not only cleaner but less error prone to perform dependency checks down where their imports are performed rather than upfront. This way import changes can't fall out of sync with our upfront checks. 
Our prereq module provides dependency checks, mostly for python versioning
(now moot) and the cryptography module.

It is not only cleaner but less error prone to perform dependency checks down
where their imports are performed rather than upfront. This way import changes
can't fall out of sync with our upfront checks.
Skip cryptographic validation of fabricated HSv2 descriptors 2020-02-11T21:46:47+00:00 Damian Johnson atagar@torproject.org 2020-02-11T21:46:47+00:00 960eb3ae96e607eb67af4898826a73690a82a301 Oops, when removing unused 'sign' arguments I accidently dropped our skip_crypto_validation argument here. George and I invested quite a bit of effort into creating cryptographically valid HSv3 descriptors, but HSv2 descriptors aren't. This caused the following test failures... ====================================================================== ERROR: test_minimal_hidden_service_descriptor ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/atagar/Desktop/stem/test/unit/descriptor/hidden_service_v2.py", line 414, in test_minimal_hidden_service_descriptor desc = HiddenServiceDescriptorV2.create() File "/home/atagar/Desktop/stem/stem/descriptor/hidden_service.py", line 702, in create return cls(cls.content(attr, exclude), validate = validate) File "/home/atagar/Desktop/stem/stem/descriptor/hidden_service.py", line 723, in __init__ signed_digest = self._digest_for_signature(self.permanent_key, self.signature) File "/home/atagar/Desktop/stem/stem/descriptor/__init__.py", line 1043, in _digest_for_signature key = load_der_public_key(_bytes_for_block(signing_key), default_backend()) File "/home/atagar/.local/lib/python3.7/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 32, in load_der_public_key return backend.load_der_public_key(data) File "/home/atagar/.local/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1182, in load_der_public_key self._handle_key_loading_error() File "/home/atagar/.local/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1373, in _handle_key_loading_error raise ValueError("Could not deserialize key data.") ValueError: Could not deserialize key data. 
Oops, when removing unused 'sign' arguments I accidently dropped our
skip_crypto_validation argument here. George and I invested quite a bit of
effort into creating cryptographically valid HSv3 descriptors, but HSv2
descriptors aren't.

This caused the following test failures...

  ======================================================================
  ERROR: test_minimal_hidden_service_descriptor
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/home/atagar/Desktop/stem/test/unit/descriptor/hidden_service_v2.py", line 414, in test_minimal_hidden_service_descriptor
      desc = HiddenServiceDescriptorV2.create()
    File "/home/atagar/Desktop/stem/stem/descriptor/hidden_service.py", line 702, in create
      return cls(cls.content(attr, exclude), validate = validate)
    File "/home/atagar/Desktop/stem/stem/descriptor/hidden_service.py", line 723, in __init__
      signed_digest = self._digest_for_signature(self.permanent_key, self.signature)
    File "/home/atagar/Desktop/stem/stem/descriptor/__init__.py", line 1043, in _digest_for_signature
      key = load_der_public_key(_bytes_for_block(signing_key), default_backend())
    File "/home/atagar/.local/lib/python3.7/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 32, in load_der_public_key
      return backend.load_der_public_key(data)
    File "/home/atagar/.local/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1182, in load_der_public_key
      self._handle_key_loading_error()
    File "/home/atagar/.local/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1373, in _handle_key_loading_error
      raise ValueError("Could not deserialize key data.")
  ValueError: Could not deserialize key data.
Drop tests for invalid signing argument 2020-02-11T01:39:59+00:00 Damian Johnson atagar@torproject.org 2020-02-11T01:39:59+00:00 91ef638728b398fcfed01ea243afecaf488b1fb7 Oops, I forgot to install cryptography under python 3.7 so I didn't exercise several tests. This doesn't fix all the failures but corrects the most obvious (we removed the sign argument when it was irrelevant). 
Oops, I forgot to install cryptography under python 3.7 so I didn't exercise
several tests. This doesn't fix all the failures but corrects the most obvious
(we removed the sign argument when it was irrelevant).
Tests errored with a '--log' argument 2020-02-10T23:05:17+00:00 Damian Johnson atagar@torproject.org 2020-02-10T23:05:17+00:00 a668cd8f4958431a3a5dbb33662e2acc304ee67a Oops, I removed our LogBuffer in commit 76b6b49 but it's still used by run_tests.py when we have a '--log' argument. Caught thanks to our Jenkins tests... Traceback (most recent call last): File "./run_tests.py", line 478, in <module> main() File "./run_tests.py", line 238, in main handler = logging_buffer = stem.util.log.LogBuffer(args.logging_runlevel) AttributeError: module 'stem.util.log' has no attribute 'LogBuffer' 
Oops, I removed our LogBuffer in commit 76b6b49 but it's still used by
run_tests.py when we have a '--log' argument. Caught thanks to our Jenkins
tests...

  Traceback (most recent call last):
    File "./run_tests.py", line 478, in <module>
      main()
    File "./run_tests.py", line 238, in main
      handler = logging_buffer = stem.util.log.LogBuffer(args.logging_runlevel)
  AttributeError: module 'stem.util.log' has no attribute 'LogBuffer'