def createTLSLinkCert(lifetime=7200): """Create a certificate for the TLS link layer. The TLS certificate used for the link layer between Tor relays, and between clients and their bridges/guards, has a shorter lifetime than the other certificates. Currently, these certs expire after two hours. :param integer lifetime: The time, in seconds, that the certificate should remain valid for. :rtype: :class:`OpenSSL.crypto.X509` :returns: A certificate, unsigned, and without a key attached to it. """ cert = createTLSCert(lifetime) cert.get_subject().CN = 'www.' + util.getHexString(16) + '.net' cert.get_issuer().CN = 'www.' + util.getHexString(10) + '.com' return cert
def generateExtraInfo(nickname, fingerprint, ts, ipv4, port): """Create an OR extra-info document. See §2.2 "Extra-info documents" in torspec.git/dir-spec.txt. :param str nickname: The router's nickname. :param str fingerprint: A space-separated, hex-encoded, SHA-1 digest of the OR's private identity key. See :func:`convertToSpaceyFingerprint`. :param str ts: An ISO-8601 timestamp. See :func:`makeTimeStamp`. :param str ipv4: An IPv4 address. :param str port: The OR's ORPort. :rtype: str :returns: An extra-info document (unsigned). """ extra = [] extra.append("extra-info %s %s" % (nickname, fingerprint)) extra.append("published %s" % ts) extra.append("write-history %s (900 s) 3188736,2226176,2866176" % ts) extra.append("read-history %s (900 s) 3891200,2483200,2698240" % ts) extra.append("dirreq-write-history %s (900 s) 1024,0,2048" % ts) extra.append("dirreq-read-history %s (900 s) 0,0,0" % ts) extra.append("geoip-db-digest %s" % util.getHexString(40)) extra.append("geoip6-db-digest %s" % util.getHexString(40)) extra.append("dirreq-stats-end %s (86400 s)" % ts) extra.append("dirreq-v3-ips") extra.append("dirreq-v3-reqs") extra.append("dirreq-v3-resp ok=16,not-enough-sigs=0,unavailable=0,not-found=0,not-modified=0,busy=0") extra.append("dirreq-v3-direct-dl complete=0,timeout=0,running=0") extra.append("dirreq-v3-tunneled-dl complete=12,timeout=0,running=0") extra.append("transport obfs3 %s:%d" % (ipv4, port + 1)) extra.append("transport obfs2 %s:%d" % (ipv4, port + 2)) extra.append("bridge-stats-end %s (86400 s)" % ts) extra.append("bridge-ips ca=8") extra.append("bridge-ip-versions v4=8,v6=0") extra.append("bridge-ip-transports <OR>=8") extra.append("router-signature\n") return '\n'.join(extra)
def generateExtraInfo(nickname, fingerprint, ts, ipv4, port, bridge=True): """Create an OR extra-info document. See §2.2 "Extra-info documents" in torspec.git/dir-spec.txt. For ``transport scramblesuit`` lines, the ``password`` parameter *always* is ``ABCDEFGHIJKLMNOPQRSTUVWXYZ234567``, i.e.:: transport scramblesuit 10.0.1.111:4444 password=ABCDEFGHIJKLMNOPQRSTUVWXYZ234567 :param str nickname: The router's nickname. :param str fingerprint: A space-separated, hex-encoded, SHA-1 digest of the OR's private identity key. See :func:`convertToSpaceyFingerprint`. :param str ts: An ISO-8601 timestamp. See :func:`makeTimeStamp`. :param str ipv4: An IPv4 address. :param str port: The OR's ORPort. :rtype: str :returns: An extra-info document (unsigned). """ extra = [] extra.append(b"extra-info %s %s" % (nickname, fingerprint)) extra.append(b"published %s" % ts) extra.append(b"write-history %s (900 s) 3188736,2226176,2866176" % ts) extra.append(b"read-history %s (900 s) 3891200,2483200,2698240" % ts) extra.append(b"dirreq-write-history %s (900 s) 1024,0,2048" % ts) extra.append(b"dirreq-read-history %s (900 s) 0,0,0" % ts) extra.append(b"geoip-db-digest %s" % util.getHexString(40)) extra.append(b"geoip6-db-digest %s" % util.getHexString(40)) extra.append(b"dirreq-stats-end %s (86400 s)" % ts) extra.append(b"dirreq-v3-ips") extra.append(b"dirreq-v3-reqs") extra.append(b"dirreq-v3-resp ok=16,not-enough-sigs=0,unavailable=0,not-found=0,not-modified=0,busy=0") extra.append(b"dirreq-v3-direct-dl complete=0,timeout=0,running=0") extra.append(b"dirreq-v3-tunneled-dl complete=12,timeout=0,running=0") if bridge: scramblesuitPassword = b'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' obfs4iatMode = bytes(random.getrandbits(1)) # 0 or 1 # hexadecimal, 40 chars long: obfs4nodeID = hashlib.sha1(bytes(random.getrandbits(8))).hexdigest() # hexadecimal, 64 chars long: obfs4publicKey = hashlib.sha256(bytes(random.getrandbits(8))).hexdigest() extra.append(b"transport obfs3 %s:%d" % (ipv4, port + 1)) extra.append(b"transport obfs2 %s:%d" % (ipv4, port + 2)) extra.append(b"transport scramblesuit %s:%d password=%s" % (ipv4, port + 3, scramblesuitPassword)) # PT args are comma-separated in the bridge-extrainfo descriptors: extra.append(b"transport obfs4 %s:%d iat-mode=%s,node-id=%s,public-key=%s" % (ipv4, port + 4, obfs4iatMode, obfs4nodeID, obfs4publicKey)) extra.append(b"bridge-stats-end %s (86400 s)" % ts) extra.append(b"bridge-ips ca=8") extra.append(b"bridge-ip-versions v4=8,v6=0") extra.append(b"bridge-ip-transports <OR>=8") extra.append(b"router-signature\n") extrainfoDoc = b'\n'.join(extra) return extrainfoDoc
def generateExtraInfo(nickname, fingerprint, ts, ipv4, port, bridge=True): """Create an OR extra-info document. See §2.2 "Extra-info documents" in dir-spec.txt_. For ``transport scramblesuit`` lines, the ``password`` parameter *always* is ``ABCDEFGHIJKLMNOPQRSTUVWXYZ234567``, i.e.:: transport scramblesuit 10.0.1.111:4444 password=ABCDEFGHIJKLMNOPQRSTUVWXYZ234567 .. _dir-spec.txt: https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt :param str nickname: The router's nickname. :param str fingerprint: A space-separated, hex-encoded, SHA-1 digest of the OR's private identity key. See :func:`convertToSpaceyFingerprint`. :param str ts: An ISO-8601 timestamp. See :func:`makeTimeStamp`. :param str ipv4: An IPv4 address. :param str port: The OR's ORPort. :rtype: str :returns: An extra-info document (unsigned). """ extra = [] extra.append(b"extra-info %s %s" % (nickname, fingerprint)) extra.append(b"published %s" % ts) extra.append(b"write-history %s (900 s) 3188736,2226176,2866176" % ts) extra.append(b"read-history %s (900 s) 3891200,2483200,2698240" % ts) extra.append(b"dirreq-write-history %s (900 s) 1024,0,2048" % ts) extra.append(b"dirreq-read-history %s (900 s) 0,0,0" % ts) extra.append(b"geoip-db-digest %s" % util.getHexString(40)) extra.append(b"geoip6-db-digest %s" % util.getHexString(40)) extra.append(b"dirreq-stats-end %s (86400 s)" % ts) extra.append(b"dirreq-v3-ips") extra.append(b"dirreq-v3-reqs") extra.append( b"dirreq-v3-resp ok=16,not-enough-sigs=0,unavailable=0,not-found=0,not-modified=0,busy=0" ) extra.append(b"dirreq-v3-direct-dl complete=0,timeout=0,running=0") extra.append(b"dirreq-v3-tunneled-dl complete=12,timeout=0,running=0") if bridge: scramblesuitPassword = b'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' obfs4iatMode = bytes(random.getrandbits(1)) # 0 or 1 # hexadecimal, 40 chars long: obfs4nodeID = hashlib.sha1(bytes(random.getrandbits(8))).hexdigest() # hexadecimal, 64 chars long: obfs4publicKey = hashlib.sha256(bytes( random.getrandbits(8))).hexdigest() extra.append(b"transport obfs3 %s:%d" % (ipv4, port + 1)) extra.append(b"transport obfs2 %s:%d" % (ipv4, port + 2)) extra.append(b"transport scramblesuit %s:%d password=%s" % (ipv4, port + 3, scramblesuitPassword)) # PT args are comma-separated in the bridge-extrainfo descriptors: extra.append( b"transport obfs4 %s:%d iat-mode=%s,node-id=%s,public-key=%s" % (ipv4, port + 4, obfs4iatMode, obfs4nodeID, obfs4publicKey)) extra.append(b"bridge-stats-end %s (86400 s)" % ts) extra.append(b"bridge-ips ca=8") extra.append(b"bridge-ip-versions v4=8,v6=0") extra.append(b"bridge-ip-transports <OR>=8") extra.append(b"router-signature\n") extrainfoDoc = b'\n'.join(extra) return extrainfoDoc